PT-2009-5423 · Apache+1 · Apache Http Server+1

Published

2009-09-03

Updated

2024-06-15

CVE-2009-3095

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server (affected versions not specified)

Description: The issue allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server. This is achieved by embedding commands in the Authorization HTTP header. In a reverse proxy configuration, a remote attacker could use this flaw to bypass access restrictions by creating a carefully-crafted HTTP Authorization header.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2009-3095

DSA-1934-1

HPSBUX02531

OPENSUSE-SU-2024:10268-1

RHSA-2009:1461

RHSA-2009:1579

RHSA-2009:1580

RHSA-2009_1579

RHSA-2009_1580

RHSA-2010:0011

RHSA-2010:0602

Affected Products

Apache Http Server

Red Hat

PT-2009-5423 · Apache+1 · Apache Http Server+1

CVE-2009-3095

Related Identifiers

Affected Products

References · 146