CVE-2009-3094 — LOW (2.6) — White Hats Nepal

Q: How severe is CVE-2009-3094?

CVE-2009-3094 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2009-3094?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Http Server, Fedoraproject Fedora, Debian Debian Linux.

Vulnerability Description

The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.

CVSS Score

2.6

LOW

AV:N/AC:H/Au:N/C:N/I:N/A:P

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Apache	Http Server	>= 2.0.35, < 2.0.64
Fedoraproject	Fedora	10
Debian	Debian Linux	4.0

Related Weaknesses (CWE)

CWE-476

References

http://intevydis.com/vd-list.shtmlBroken Link
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.htmlMailing ListThird Party Advisory
http://marc.info/?l=bugtraq&m=126998684522511&w=2Issue TrackingMailing ListThird Party Advisory
http://marc.info/?l=bugtraq&m=127557640302499&w=2Issue TrackingMailing ListThird Party Advisory
http://marc.info/?l=bugtraq&m=133355494609819&w=2Issue TrackingMailing ListThird Party Advisory
http://secunia.com/advisories/36549Not ApplicableVendor Advisory
http://secunia.com/advisories/37152Not ApplicableVendor Advisory
http://wiki.rpath.com/Advisories:rPSA-2009-0155Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg1PK96858Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1PM09161Third Party Advisory
http://www.debian.org/security/2009/dsa-1934Third Party Advisory
http://www.intevydis.com/blog/?p=59Broken Link
http://www.securityfocus.com/archive/1/508075/100/0/threadedThird Party AdvisoryVDB Entry
http://www.vupen.com/english/advisories/2010/0609Permissions RequiredVendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=521619Issue TrackingThird Party Advisory

FAQ

What is CVE-2009-3094?

CVE-2009-3094 is a vulnerability with a CVSS score of 2.6 (LOW). The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL poin...

How severe is CVE-2009-3094?

CVE-2009-3094 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-3094?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Http Server, Fedoraproject Fedora, Debian Debian Linux.