Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux) Network Vulnerability

Summary

The host is running Apache and is prone to Denial of Service vulnerability.

Impact

Successful exploitation could allow remote attackers to cause a Denial of Service in the context of the affected application. Impact Level: Application

Solution

Upgrade to Apache HTTP Server version 2.2.15 or later For updates refer to http://www.apache.org/

Insight

The flaw is due to an error in 'ap_proxy_ftp_handler' function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module while processing responses received from FTP servers. This can be exploited to trigger a NULL-pointer dereference and crash an Apache child process via a malformed EPSV response.

Affected

Apache HTTP Server version 2.0.x to 2.0.63 and and 2.2.x to 2.2.13 on Linux.

References

http://httpd.apache.org/docs/2.0/mod/mod_proxy_ftp.html
http://secunia.com/advisories/36549
http://www.intevydis.com/blog/?p=59

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-3094

CVSS	Base Score: 2.6 AV:N/AC:H/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Wireshark IKE Packet Denial of Service Vulnerability (Win)
MDaemon imap server DoS(2)
Wireshark PPP And NFS Dissector Denial of Service Vulnerabilities (Mac OS X)
Wireshark SMB dissector Denial of Service Vulnerability (Windows)
Oracle VM VirtualBox Local Denial of Service Vulnerability-01 Oct2013 (Windows)

Take action and discover your vulnerabilities