CVE-2009-3095
httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
El módulo mod_proxy_ftp en el sevidor HTTP Apache, permite a atacantes remotos evitar las restricciones de acceso establecidas y enviar comandos de su elección a un servidor FTP mediante vectores relacionados con la incrustación de estos comandos en una cabecera "Authorization HTTP", como se demostró con un determinado módulo en VulnDisco Pack Professional v8.11. NOTA: hasta el 03/09/2009 esta vulnerabilidad no tenía información para su puesta en práctica. Sin embargo, ya que el autor de VulnDisco Pack en un investigador de confianza, se ha asignado un CVE al problema para su seguimiento.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2009-09-08 CVE Reserved
- 2009-09-08 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (40)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | >= 2.0.35 < 2.0.64 Search vendor "Apache" for product "Http Server" and version " >= 2.0.35 < 2.0.64" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | >= 2.2.0 < 2.2.14 Search vendor "Apache" for product "Http Server" and version " >= 2.2.0 < 2.2.14" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 10 Search vendor "Fedoraproject" for product "Fedora" and version "10" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 12 Search vendor "Fedoraproject" for product "Fedora" and version "12" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 4.0 Search vendor "Debian" for product "Debian Linux" and version "4.0" | - |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 10.3 Search vendor "Opensuse" for product "Opensuse" and version "10.3" | - |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 11.0 Search vendor "Opensuse" for product "Opensuse" and version "11.0" | - |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 11.1 Search vendor "Opensuse" for product "Opensuse" and version "11.1" | - |
Affected
| ||||||
Suse Search vendor "Suse" | Linux Enterprise Desktop Search vendor "Suse" for product "Linux Enterprise Desktop" | 10 Search vendor "Suse" for product "Linux Enterprise Desktop" and version "10" | sp2 |
Affected
| ||||||
Suse Search vendor "Suse" | Linux Enterprise Desktop Search vendor "Suse" for product "Linux Enterprise Desktop" | 10 Search vendor "Suse" for product "Linux Enterprise Desktop" and version "10" | sp3 |
Affected
| ||||||
Suse Search vendor "Suse" | Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server" | 9 Search vendor "Suse" for product "Linux Enterprise Server" and version "9" | - |
Affected
| ||||||
Suse Search vendor "Suse" | Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server" | 10 Search vendor "Suse" for product "Linux Enterprise Server" and version "10" | sp2 |
Affected
| ||||||
Suse Search vendor "Suse" | Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server" | 10 Search vendor "Suse" for product "Linux Enterprise Server" and version "10" | sp3 |
Affected
| ||||||
Suse Search vendor "Suse" | Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server" | 11 Search vendor "Suse" for product "Linux Enterprise Server" and version "11" | - |
Affected
| ||||||
Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | < 10.6.3 Search vendor "Apple" for product "Mac Os X" and version " < 10.6.3" | - |
Affected
|