Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux) Network Vulnerability

Summary

The host is running Apache and is prone to Denial of Service vulnerability.

Impact

Successful exploitation could allow remote attackers to cause a Denial of Service in the context of the affected application. Impact Level: Application

Solution

Upgrade to Apache HTTP Server version 2.2.15 or later For updates refer to http://www.apache.org/

Insight

The flaw is due to an error in 'ap_proxy_ftp_handler' function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module while processing responses received from FTP servers. This can be exploited to trigger a NULL-pointer dereference and crash an Apache child process via a malformed EPSV response.

Affected

Apache HTTP Server version 2.0.x to 2.0.63 and and 2.2.x to 2.2.13 on Linux.

References

http://httpd.apache.org/docs/2.0/mod/mod_proxy_ftp.html
http://secunia.com/advisories/36549
http://www.intevydis.com/blog/?p=59

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-3094
CVSS Base Score: 2.6
AV:N/AC:H/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Wireshark IEEE 802.11 Dissector Denial of Service Vulnerability (Windows)
Trend Micro OfficeScan Client Denial Of Service Vulnerability
Wireshark IKE Packet Denial of Service Vulnerability (Win)
Wireshark Multiple Denial of Service Vulnerabilities - July 12 (Mac OS X)
Cisco VPN Client for Windows 'StartServiceCtrlDispatche' Local Denial of Service Vulnerability

Take action and discover your vulnerabilities