Summary
The host is running Apache and is prone to a Denial of Service vulnerability.
Impact
Successful exploitation could allow remote attackers to cause a Denial of Service in the context of the affected application.
Impact Level: Application
Solution
Upgrade to Apache HTTP Server version 2.2.15 or later. For updates, refer to http://www.apache.org/
Insight
The flaw is due to an error in the 'ap_proxy_ftp_handler' function in modules/proxy/proxy_ftp.c, part of the mod_proxy_ftp module, while processing responses received from FTP servers. A malformed EPSV response can trigger a NULL-pointer dereference and crash an Apache child process.
Affected
Apache HTTP Server version 2.0.x to 2.0.63 and 2.2.x to 2.2.13 on Linux.
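A triage check for the version ranges and module named above, as an added example rather than code from this advisory or from the Apache project. It assumes the version is read from a `Server` banner and that mod_proxy_ftp is loaded as a shared module through a `LoadModule` line; the function names and the sample banner and configuration are constructed for illustration.

```python
import re

# Ranges copied from this page's "Affected" and "Solution" sections.
AFFECTED = [((2, 0, 0), (2, 0, 63)), ((2, 2, 0), (2, 2, 13))]
FIXED_FROM = (2, 2, 15)

BANNER_RE = re.compile(r"\bApache/(\d+)\.(\d+)\.(\d+)\b")
# Active (uncommented) LoadModule line for mod_proxy_ftp (assumes a DSO build).
PROXY_FTP_RE = re.compile(r"^\s*LoadModule\s+proxy_ftp_module\s+\S+", re.I | re.M)


def classify_version(banner):
    """Return 'affected', 'fixed', 'unlisted' or 'unknown' for a Server banner."""
    m = BANNER_RE.search(banner or "")
    if not m:
        return "unknown"  # version hidden, or not Apache httpd
    ver = tuple(int(x) for x in m.groups())
    if any(lo <= ver <= hi for lo, hi in AFFECTED):
        return "affected"
    if ver >= FIXED_FROM:
        return "fixed"
    return "unlisted"  # e.g. 2.2.14: the page lists it as neither affected nor fixed


def proxy_ftp_loaded(conf_text):
    """True if the configuration text loads mod_proxy_ftp."""
    return bool(PROXY_FTP_RE.search(conf_text))


def triage(banner, conf_text):
    """Combine banner version and module state into one finding."""
    status = classify_version(banner)
    if status == "affected":
        if proxy_ftp_loaded(conf_text):
            return "exposed: upgrade to 2.2.15 or later"
        return "affected version, mod_proxy_ftp not loaded"
    if status == "fixed":
        return "not affected"
    return "verify manually"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real host.
    sample_conf = (
        "LoadModule proxy_module modules/mod_proxy.so\n"
        "LoadModule proxy_ftp_module modules/mod_proxy_ftp.so\n"
    )
    print(triage("Apache/2.2.11 (Unix)", sample_conf))
```

A banner version alone is weak evidence, since distributions backport fixes without changing the upstream version number, and a statically compiled module will not appear in a `LoadModule` line.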
References
Severity
Classification
- CVE: CVE-2009-3094
- CVSS Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P)
Related Vulnerabilities
- Oracle VM VirtualBox Unspecified Denial of Service Vulnerability (Windows)
- TYPSoft FTP Server 'APPE' and 'DELE' Commands DOS Vulnerability
- Firefox Browser designMode Null Pointer Dereference DoS Vulnerability - Win
- Wireshark Multiple Denial of Service Vulnerabilities - July 12 (Mac OS X)
- Wireshark IKE Packet Denial of Service Vulnerability (Win)