CVE-2009-3095

Source
https://nvd.nist.gov/vuln/detail/CVE-2009-3095
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2009-3095.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2009-3095
Related
Published
2009-09-08T18:30:00Z
Modified
2024-06-30T12:00:03Z
Summary
[none]
Details

The modproxyftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.

References

Affected packages

Debian:11 / apache2

Package

Name
apache2
Purl
pkg:deb/debian/apache2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.13-2

Ecosystem specific

{
    "urgency": "low"
}

Debian:12 / apache2

Package

Name
apache2
Purl
pkg:deb/debian/apache2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.13-2

Ecosystem specific

{
    "urgency": "low"
}

Debian:13 / apache2

Package

Name
apache2
Purl
pkg:deb/debian/apache2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.13-2

Ecosystem specific

{
    "urgency": "low"
}