5

CVE-2009-3095

EPSS 3.99%
Published 08.09.2009 18:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.

Affected products Warnungen 0 Metrics 2 CWE 0 References 42

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ HTTP Server Version >= 2.0.35 < 2.0.64

Apache ≫ HTTP Server Version >= 2.2.0 < 2.2.14

Fedoraproject ≫ Fedora Version10

Fedoraproject ≫ Fedora Version12

Debian ≫ Debian Linux Version4.0

Opensuse ≫ Opensuse Version10.3

Opensuse ≫ Opensuse Version11.0

Opensuse ≫ Opensuse Version11.1

Suse ≫ Linux Enterprise Desktop Version10 Updatesp2

Suse ≫ Linux Enterprise Desktop Version10 Updatesp3

Suse ≫ Linux Enterprise Server Version9

Suse ≫ Linux Enterprise Server Version10 Updatesp2

Suse ≫ Linux Enterprise Server Version10 Updatesp3 SwEdition-

Suse ≫ Linux Enterprise Server Version11 Update-

Apple ≫ macOS X Version < 10.6.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	3.99%	0.88

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E

http://marc.info/?l=bugtraq&m=130497311408250&w=2

Third Party Advisory

Not Applicable

https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

Third Party Advisory

Mailing List

http://support.apple.com/kb/HT4077

Third Party Advisory

https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E

http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html

Third Party Advisory

Mailing List

http://secunia.com/advisories/37152

Third Party Advisory

Not Applicable

https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E

http://intevydis.com/vd-list.shtml

Broken Link

http://marc.info/?l=bugtraq&m=126998684522511&w=2

Third Party Advisory

Mailing List

Issue Tracking

http://marc.info/?l=bugtraq&m=127557640302499&w=2

Third Party Advisory

Mailing List

Issue Tracking

http://marc.info/?l=bugtraq&m=133355494609819&w=2

Third Party Advisory

Mailing List

Issue Tracking

http://wiki.rpath.com/Advisories:rPSA-2009-0155

Broken Link

http://www.debian.org/security/2009/dsa-1934

Third Party Advisory

http://www.securityfocus.com/archive/1/508075/100/0/threaded

Third Party Advisory

VDB Entry

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html

Third Party Advisory

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=522209

Third Party Advisory

Issue Tracking

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8662

Third Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9363

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2009-3095

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-3095

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-3095

EUVD