what you don't know can hurt you
Showing 1 - 7 of 7 RSS Feed

CVE-2009-3094

Status Candidate

Overview

The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.

Related Files

HP Security Bulletin HPSBMU02753 SSRT100782
Posted Apr 5, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02753 SSRT100782 - Potential security vulnerabilities have been identified with HP Business Availability Center (BAC) running Apache. The vulnerabilities could be remotely exploited to allow execution of arbitrary commands or to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
advisories | CVE-2009-2699, CVE-2009-3094, CVE-2009-3095, CVE-2010-1452
MD5 | 34ae7e433e7c1724d05f1575c7616302
HP Security Bulletin HPSBUX02531 SSRT100108
Posted Jun 4, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS) or unauthorized access. Apache-based Web Server is contained in the Apache Web Server Suite.

tags | advisory, web, denial of service, vulnerability
systems | hpux
advisories | CVE-2009-3094, CVE-2009-3095, CVE-2010-0408, CVE-2010-0740, CVE-2010-0433, CVE-2010-0434
MD5 | 02bccf929a86d4929427f8186d511b97
HP Security Bulletin HPSBOV02506 SSRT090244
Posted Mar 31, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Multiple security vulnerabilities have been identified with the HP Secure Web Server for OpenVMS (based on Apache) CSWS. The vulnerabilities could be remotely exploited resulting in a Denial of Service (DoS), unauthorized disclosure of information, or unauthorized modification of information.

tags | advisory, web, denial of service, vulnerability
advisories | CVE-2009-3094, CVE-2009-3095
MD5 | ac787967e28f44d37c74c7598b9d1714
Mandriva Linux Security Advisory 2009-323
Posted Dec 7, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-323 - Multiple vulnerabilities has been found and corrected in apache. Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides a solution to these vulnerabilities.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2008-1678, CVE-2008-2939, CVE-2009-1191, CVE-2009-1195, CVE-2009-1890, CVE-2009-1891, CVE-2009-3094, CVE-2009-3095, CVE-2009-3555
MD5 | ed48863f815c1c13d770f6bfd28192a4
Ubuntu Security Notice 860-1
Posted Nov 19, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 860-1 - Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session.

tags | advisory, arbitrary, protocol
systems | linux, ubuntu
advisories | CVE-2009-3094, CVE-2009-3095, CVE-2009-3555
MD5 | f56aab08b5d9f07c51882f83febd6477
Debian Linux Security Advisory 1934-1
Posted Nov 16, 2009
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1934-1 - A design flaw has been found in the TLS and SSL protocol that allows an attacker to inject arbitrary content at the beginning of a TLS/SSL connection. The attack is related to the way how TLS and SSL handle session renegotiations. CVE-2009-3555 has been assigned to this vulnerability.

tags | advisory, arbitrary, protocol
systems | linux, debian
advisories | CVE-2009-3094, CVE-2009-3095, CVE-2009-3555
MD5 | 955104944e2ce8f35004013a58265564
Mandriva Linux Security Advisory 2009-240
Posted Sep 22, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-240 - The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. This update provides a solution to these vulnerabilities.

tags | advisory, remote, web, denial of service, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2009-3094, CVE-2009-3095
MD5 | 3f7ffaa3c4b8b4c2e51aad29833fd88c
Page 1 of 1
Back1Next

File Archive:

June 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    1 Files
  • 2
    Jun 2nd
    2 Files
  • 3
    Jun 3rd
    19 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    15 Files
  • 6
    Jun 6th
    12 Files
  • 7
    Jun 7th
    11 Files
  • 8
    Jun 8th
    1 Files
  • 9
    Jun 9th
    1 Files
  • 10
    Jun 10th
    15 Files
  • 11
    Jun 11th
    15 Files
  • 12
    Jun 12th
    15 Files
  • 13
    Jun 13th
    8 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    2 Files
  • 16
    Jun 16th
    1 Files
  • 17
    Jun 17th
    18 Files
  • 18
    Jun 18th
    15 Files
  • 19
    Jun 19th
    22 Files
  • 20
    Jun 20th
    15 Files
  • 21
    Jun 21st
    15 Files
  • 22
    Jun 22nd
    2 Files
  • 23
    Jun 23rd
    1 Files
  • 24
    Jun 24th
    23 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close