Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Web Servers
Title:Apache HTTP Server 'mod_proxy_ftp' Module Command Injection Vulnerability
Summary:Apache HTTP Server is prone to a command injection; vulnerability.
Apache HTTP Server is prone to a command injection

Vulnerability Insight:
The flaw is due to error in the mod_proxy_ftp module which
can be exploited via vectors related to the embedding of these commands in the Authorization
HTTP header.

Vulnerability Impact:
Successful exploitation could allow remote attackers to
bypass intended access restrictions in the context of the affected application, and can
cause the arbitrary command injection.

Affected Software/OS:
Apache HTTP Server 1.3.x, 2.0.x through 2.0.63 and 2.2.x through 2.2.13
running mod_proxy_ftp.

Update to Apache HTTP Server version 2.0.64, 2.2.14
or later.

CVSS Score:

CVSS Vector:

Cross-Ref: BugTraq ID: 36254
Common Vulnerability Exposure (CVE) ID: CVE-2009-3095
Bugtraq: 20091124 rPSA-2009-0155-1 httpd mod_ssl (Google Search)
Debian Security Information: DSA-1934 (Google Search)
HPdes Security Advisory: HPSBMU02753
HPdes Security Advisory: HPSBOV02506
HPdes Security Advisory: HPSBOV02683
HPdes Security Advisory: HPSBUX02531
HPdes Security Advisory: SSRT090208
HPdes Security Advisory: SSRT090244
HPdes Security Advisory: SSRT100108
HPdes Security Advisory: SSRT100782
SuSE Security Announcement: SUSE-SA:2009:050 (Google Search)
CopyrightCopyright (C) 2009 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2022 E-Soft Inc. All rights reserved.