CVE-2009-3094

Published: 08/09/2009 Updated: 07/11/2023
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
VMScore: 233
Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P

Vulnerability Summary

The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.

Vulnerable Product

apache http server

fedoraproject fedora 10

fedoraproject fedora 12

debian debian linux 5.0

debian debian linux 4.0

Vendor Advisories

Synopsis: Moderate: httpd and httpd22 security update. Type/Severity: Security Advisory: Moderate. Topic: Updated httpd and httpd22 packages that fix multiple security issues are now available for JBoss Enterprise Web Server 100 for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate s ...

Debian Bug report logs - #545951 CVE-2009-3094, CVE-2009-3095: mod_proxy_ftp DoS. Package: apache22-common; Maintainer for apache22-common is Debian Apache Maintainers <debian-apache@lists.debian.org>; Source for apache22-common is src:apache2. Reported by: Giuseppe Iuculano <giuseppe@iuculano.it> ...

Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user’s session. The flaw is with TLS renegotiation and potentially affects any software that supports this feat ...

A design flaw has been found in the TLS and SSL protocol that allows an attacker to inject arbitrary content at the beginning of a TLS/SSL connection. The attack is related to the way how TLS and SSL handle session renegotiations. CVE-2009-3555 has been assigned to this vulnerability. As a partial mitigation against this attack, this apache2 update ...
