CVE-2009-3095
EPSS 3.8%
Description
The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
How to fix CVE-2009-3095
To remediate CVE-2009-3095, upgrade the affected package to the fixed version listed below.
- Debian/apache2: upgrade to 2.2.13-2 or later
Is CVE-2009-3095 being exploited?
Low — EPSS is 3.8%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/apache2: from 0, < 2.2.13-2