CVE-2009-3094
apache2 - several issues
EPSS 2.8%
Description
The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
How to fix CVE-2009-3094
To remediate CVE-2009-3094, upgrade the affected package to a fixed version below.
- Debian/apache2—upgrade to 2.2.13-2 or later
- Debian/apache2—upgrade to 2.2.3-4+etch11 or later
Is CVE-2009-3094 being exploited?
Low — EPSS is 2.8%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 2.2.13-2
- from 0, < 2.2.3-4+etch11