Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux) Network Vulnerability

Summary

The host is running Apache and is prone to Command Injection vulnerability.

Impact

Successful exploitation could allow remote attackers to bypass intended access restrictions in the context of the affected application, and can cause the arbitrary command injection. Impact Level: Application

Solution

Upgrade to Apache HTTP Server version 2.2.15 or later For updates refer to http://www.apache.org/

Insight

The flaw is due to error in the mod_proxy_ftp module which can be exploited via vectors related to the embedding of these commands in the Authorization HTTP header.

Affected

Apache HTTP Server on Linux.

References

http://httpd.apache.org/docs/2.0/mod/mod_proxy_ftp.html

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-3095

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe Acrobat Out-of-bounds Vulnerability Feb15 (Windows)
Adobe Air Code Execution and DoS Vulnerabilities (Windows)
Adobe Acrobat and Reader Multiple Vulnerabilities -July10 (Windows)
7T Interactive Graphical SCADA System Multiple Security Vulnerabilities
Adobe AIR Multiple Vulnerabilities(APSB14-24)-(Mac OS X)

Take action and discover your vulnerabilities