PT-2009-5422 · Apache+1 · Apache Http Server+1

Published

2009-09-02

Updated

2024-06-15

CVE-2009-3094

CVSS v2.0

2.6

Low

Vector

AV:N/AC:H/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.0.63 and 2.2.13

Description: The issue allows remote FTP servers to cause a denial of service, resulting in a NULL pointer dereference and child process crash, via a malformed reply to an EPSV command. This is due to a problem in the ap proxy ftp handler function in the mod proxy ftp module.

Recommendations: For Apache HTTP Server version 2.0.63, update to a version that fixes the issue in the mod proxy ftp module. For Apache HTTP Server version 2.2.13, update to a version that fixes the issue in the mod proxy ftp module. As a temporary workaround, consider disabling the mod proxy ftp module until a patch is available.

Exploit

Fix

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

CVE-2009-3094

DSA-1934-1

HPSBUX02531

OPENSUSE-SU-2024:10268-1

RHSA-2009:1461

RHSA-2009:1579

RHSA-2009:1580

RHSA-2009_1579

RHSA-2009_1580

RHSA-2010:0011

RHSA-2010:0602

Affected Products

Apache Http Server

Red Hat

PT-2009-5422 · Apache+1 · Apache Http Server+1

CVE-2009-3094

Weakness Enumeration

Related Identifiers

Affected Products

References · 147