The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
References
Link Providers
http://intevydis.com/vd-list.shtml cve-icon cve-icon
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html cve-icon cve-icon
http://marc.info/?l=bugtraq&m=126998684522511&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=127557640302499&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=130497311408250&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=133355494609819&w=2 cve-icon cve-icon
http://secunia.com/advisories/37152 cve-icon cve-icon
http://support.apple.com/kb/HT4077 cve-icon cve-icon
http://wiki.rpath.com/Advisories:rPSA-2009-0155 cve-icon cve-icon
http://www.debian.org/security/2009/dsa-1934 cve-icon cve-icon
http://www.securityfocus.com/archive/1/508075/100/0/threaded cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=522209 cve-icon cve-icon
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2009-3095 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8662 cve-icon cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9363 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2009-3095 cve-icon
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html cve-icon cve-icon
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-09-08T18:00:00

Updated: 2024-08-07T06:14:56.390Z

Reserved: 2009-09-08T00:00:00

Link: CVE-2009-3095

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2009-09-08T18:30:00.670

Modified: 2024-11-21T01:06:31.720

Link: CVE-2009-3095

cve-icon Redhat

Severity : Low

Publid Date: 2009-09-03T00:00:00Z

Links: CVE-2009-3095 - Bugzilla