Oval Definition:oval:org.mitre.oval:def:9363
Revision Date:2013-04-29Version:12
Title:The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
Description:The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
Family:unixClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2009-3095
Platform(s):CentOS Linux 3
CentOS Linux 4
CentOS Linux 5
Oracle Linux 4
Oracle Linux 5
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Product(s):
Definition Synopsis
  • OS Section: RHEL3, CentOS3
  • RHEL3 or CentOS3
  • The operating system installed on the system is Red Hat Enterprise Linux 3
  • OR CentOS Linux 3.x
  • AND Configuration section
  • httpd-devel is earlier than 0:2.0.46-77.ent
  • OR mod_ssl is earlier than 0:2.0.46-77.ent
  • OR httpd is earlier than 0:2.0.46-77.ent
  • OR OS Section: RHEL4, CentOS4, Oracle Linux 4
  • RHEL4, CentOS4 or Oracle Linux 4
  • The operating system installed on the system is Red Hat Enterprise Linux 4
  • OR CentOS Linux 4.x
  • OR Oracle Linux 4.x
  • AND Configuration section
  • httpd-suexec is earlier than 0:2.0.52-41.ent.6
  • OR httpd-manual is earlier than 0:2.0.52-41.ent.6
  • OR httpd-devel is earlier than 0:2.0.52-41.ent.6
  • OR mod_ssl is earlier than 0:2.0.52-41.ent.6
  • OR httpd is earlier than 0:2.0.52-41.ent.6
  • OR OS Section: RHEL5, CentOS5, Oracle Linux 5
  • RHEL5, CentOS5 or Oracle Linux 5
  • The operating system installed on the system is Red Hat Enterprise Linux 5
  • OR The operating system installed on the system is CentOS Linux 5.x
  • OR Oracle Linux 5.x
  • AND Configuration section
  • httpd-manual is earlier than 0:2.2.3-31.el5_4.2
  • OR httpd-devel is earlier than 0:2.2.3-31.el5_4.2
  • OR mod_ssl is earlier than 0:2.2.3-31.el5_4.2
  • OR httpd is earlier than 0:2.2.3-31.el5_4.2
    • BACK