CVE-2009-3095
Description
The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
Risk Information
Base Score
9.1
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
3.03
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Update Apache to version 2.2.13 | Windows |
| Vulnerabilities CVE-2009-3094,CVE-2009-3095 are fixed in Apache 2.2.14 | Windows |
| Multiple vulnerabilities are fixed in Apache 2.0.64 | Windows |
| Update Apache to version 2.2.13 (For Linux) | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234