Description

The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.

Remediation

References

CVE-2009-3095

Related Vulnerabilities

WordPress Plugin Amelia-Events & Appointments Booking Calendar Cross-Site Scripting (1.0.46)

EspoCRM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-38843)

WordPress 4.4.x Denial of Service Vulnerability (4.4 - 4.4.14)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-9733)

TYPO3 Cleartext Storage of Sensitive Information Vulnerability (CVE-2020-26228)

Severity

Medium

Classification

CVE-2009-3095

Tags

Missing Update Known Vulnerabilities