CVE-2009-3095

Publication date 8 September 2009

Last updated 24 July 2024

Description

The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
apache2	9.10 karmic	Fixed 2.2.12-1ubuntu2.1
	9.04 jaunty	Fixed 2.2.11-2ubuntu2.5
	8.10 intrepid	Fixed 2.2.9-7ubuntu3.5
	8.04 LTS hardy	Fixed 2.2.8-1ubuntu0.14
	6.06 LTS dapper	Fixed 2.0.55-4ubuntu2.9

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
apache2	Upstream: http://svn.apache.org/viewvc?revision=814045&view=revision

References

Related Ubuntu Security Notices (USN)

USN-860-1
Apache vulnerabilities
19 November 2009

Other references

https://www.cve.org/CVERecord?id=CVE-2009-3095