CVE-2009-3095

Published: 8 September 2009

The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.

Priority

Status

Package	Release	Status
apache2 Launchpad, Ubuntu, Debian	dapper	Released (2.0.55-4ubuntu2.9)
	hardy	Released (2.2.8-1ubuntu0.14)
	intrepid	Released (2.2.9-7ubuntu3.5)
	jaunty	Released (2.2.11-2ubuntu2.5)
	karmic	Released (2.2.12-1ubuntu2.1)
	upstream	Released (2.2.14)
	Patches: upstream: http://svn.apache.org/viewvc?revision=814045&view=revision

References

https://ubuntu.com/security/notices/USN-860-1
https://www.cve.org/CVERecord?id=CVE-2009-3095
NVD
Launchpad
Debian

Bugs

https://bugzilla.redhat.com/show_bug.cgi?id=522209

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›