PT-2009-5422 · Apache+1 · Apache Http Server+1

Publicado

2009-09-02

Atualizado

2024-06-15

CVE-2009-3094

CVSS v2.0

2.6

Baixa

Vetor

AV:N/AC:H/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.0.63 and 2.2.13

Description: The issue allows remote FTP servers to cause a denial of service, resulting in a NULL pointer dereference and child process crash, via a malformed reply to an EPSV command. This is due to a problem in the ap proxy ftp handler function in the mod proxy ftp module.

Recommendations: For Apache HTTP Server version 2.0.63, update to a version that fixes the issue in the mod proxy ftp module. For Apache HTTP Server version 2.2.13, update to a version that fixes the issue in the mod proxy ftp module. As a temporary workaround, consider disabling the mod proxy ftp module until a patch is available.

Exploit

Correção

DoS

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-476

Identificadores relacionados

CVE-2009-3094

DSA-1934-1

HPSBUX02531

OPENSUSE-SU-2024:10268-1

RHSA-2009:1461

RHSA-2009:1579

RHSA-2009:1580

RHSA-2009_1579

RHSA-2009_1580

RHSA-2010:0011

RHSA-2010:0602

Produtos afetados

Apache Http Server

Red Hat

PT-2009-5422 · Apache+1 · Apache Http Server+1

CVE-2009-3094

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 147