CVE-2009-3094
LOW severity · CVSS 2.6 · CWE-476
2.6CVSS LOW
Summary
The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
Impact & exploitability
Attack vectorNetwork
Attack complexityHigh
Privileges required—
User interaction—
Confidentiality impactNone
Integrity impactNone
Availability impact—
Exploit probability (EPSS)9%
AV:N/AC:H/Au:N/C:N/I:N/A:P
Affected products we track (2)
Recommendation
Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.
Additional information
- NVD record
- http://secunia.com/advisories/36549Advisory
- http://secunia.com/advisories/37152Advisory
- http://intevydis.com/vd-list.shtml
- http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.htmlAdvisory
- http://marc.info/?l=bugtraq&m=126998684522511&w=2Advisory
- http://marc.info/?l=bugtraq&m=127557640302499&w=2Advisory
- http://marc.info/?l=bugtraq&m=133355494609819&w=2Advisory
- http://wiki.rpath.com/Advisories:rPSA-2009-0155