Информационная безопасность
[RU] switch to English

Многочисленные уязвимости безопасности в mod_proxy_ftp под Apache
дополнено с 23 сентября 2009 г.
Опубликовано:31 марта 2010 г.
SecurityVulns ID:10253
Уровень опасности:
Описание:Отказ в обслуживании, обход ограничений.
Затронутые продукты:APACHE : Apache 2.0
 APACHE : Apache 2.2
 HP : HP Secure Web Server 2.1
CVE:CVE-2009-3095 (The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.)
 CVE-2009-3094 (The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.)
Оригинальный текстdocumentHP, [security bulletin] HPSBOV02506 SSRT090244 rev.1 - HP Secure Web Server for OpenVMS (based on Apache) CSWS, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification of Information (31.03.2010)
 documentMANDRIVA, [ MDVSA-2009:240 ] apache (23.09.2009)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород