CVE-2009-3095

Published: 08/09/2009 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 447
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

The mod_proxy_ftp module in the Apache HTTP Server allows remote malicious users to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.

Vulnerable Product

apache http server

fedoraproject fedora 10

fedoraproject fedora 12

debian debian linux 4.0

opensuse opensuse 11.1

suse linux enterprise server 9

opensuse opensuse 11.0

opensuse opensuse 10.3

suse linux enterprise server 10

suse linux enterprise desktop 10

suse linux enterprise server 11

apple mac os x

Vendor Advisories

Synopsis: Moderate: httpd and httpd22 security update. Type/Severity: Security Advisory: Moderate. Topic: Updated httpd and httpd22 packages that fix multiple security issues are now available for JBoss Enterprise Web Server 100 for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate s ...
Debian Bug report logs - #545951: CVE-2009-3094, CVE-2009-3095: mod_proxy_ftp DoS. Package: apache2.2-common; Maintainer for apache2.2-common is Debian Apache Maintainers <debian-apache@lists.debian.org>; Source for apache2.2-common is src:apache2 (PTS, buildd, popcon). Reported by: Giuseppe Iuculano <giuseppe@iuculano.it> ...
Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user’s session. The flaw is with TLS renegotiation and potentially affects any software that supports this feat ...
A design flaw has been found in the TLS and SSL protocol that allows an attacker to inject arbitrary content at the beginning of a TLS/SSL connection. The attack is related to the way how TLS and SSL handle session renegotiations. CVE-2009-3555 has been assigned to this vulnerability. As a partial mitigation against this attack, this apache2 update ...

References

NVD-CWE-Other
http://intevydis.com/vd-list.shtml
http://secunia.com/advisories/37152
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html
http://www.debian.org/security/2009/dsa-1934
http://wiki.rpath.com/Advisories:rPSA-2009-0155
https://bugzilla.redhat.com/show_bug.cgi?id=522209
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html
http://support.apple.com/kb/HT4077
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
http://marc.info/?l=bugtraq&m=130497311408250&w=2
http://marc.info/?l=bugtraq&m=126998684522511&w=2
http://marc.info/?l=bugtraq&m=133355494609819&w=2
http://marc.info/?l=bugtraq&m=127557640302499&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9363
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8662
http://www.securityfocus.com/archive/1/508075/100/0/threaded
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
https://access.redhat.com/errata/RHSA-2010:0011
https://usn.ubuntu.com/860-1/
https://nvd.nist.gov