Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux) Network Vulnerability

Summary

The host is running Apache and is prone to Command Injection vulnerability.

Impact

Successful exploitation could allow remote attackers to bypass intended access restrictions in the context of the affected application, and can cause the arbitrary command injection. Impact Level: Application

Solution

Upgrade to Apache HTTP Server version 2.2.15 or later For updates refer to http://www.apache.org/

Insight

The flaw is due to error in the mod_proxy_ftp module which can be exploited via vectors related to the embedding of these commands in the Authorization HTTP header.

Affected

Apache HTTP Server on Linux.

References

http://httpd.apache.org/docs/2.0/mod/mod_proxy_ftp.html

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-3095

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe Air and Flash Player Multiple Vulnerabilities August-2011 (Windows)
Adobe AIR Multiple Vulnerabilities-01 Jan15 (Mac OS X)
Adobe Air Multiple Vulnerabilities - December12 (Windows)
Adobe AIR Security Bypass Vulnerability Jan14 (Mac OS X)
Adobe Extension Manager CS5 Insecure Library Loading Vulnerability (Win)

Take action and discover your vulnerabilities