CVE-2009-3095 - The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access

CVE-2009-3095

Summary

The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.

References

Vulnerable Configurations

cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.49:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.49:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.50:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.50:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.51:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.51:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.52:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.52:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.53:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.53:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.54:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.54:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.55:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.55:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.56:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.56:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.57:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.57:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.58:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.58:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.59:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.59:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.60:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.60:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.61:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.61:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.62:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.62:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.63:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.63:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*
cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.0.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.0.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.0.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.0.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.0.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.0.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.0.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.0.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.0.4:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.0.4:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.1.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.1.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.1.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.1.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.1.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.1.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.1.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.1.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.1.4:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.1.4:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.1.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.1.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.2.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.2.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.2.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.2.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.2.6:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.2.6:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.2.7:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.2.7:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.3.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.3.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.3.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.3.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.3.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.3.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.3.7:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.3.7:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.3.8:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.3.8:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.7:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.7:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.6.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.6.2:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 19-09-2022 - 19:50)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:P/A:N

oval via4

accepted

2014-07-14T04:01:31.050-04:00

class

vulnerability

contributors

name J. Daniel Brown
organization DTCC
name Mike Lah
organization The MITRE Corporation
name Mike Lah
organization The MITRE Corporation
name Shane Shaffer
organization G2, Inc.
name Maria Mikhno
organization ALTX-SOFT

definition_extensions

comment Apache HTTP Server 2.0.x is installed on the system
oval oval:org.mitre.oval:def:8605
comment Apache HTTP Server 2.2.x is installed on the system
oval oval:org.mitre.oval:def:8550

description

family

windows

oval:org.mitre.oval:def:8662

status

accepted

submitted

2010-03-08T17:30:00.000-05:00

title

Apache mod_proxy_ftp Module Insufficient Input Validation Access Restriction Bypass Vulnerability

version

accepted

2013-04-29T04:18:58.109-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651
comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990
comment The operating system installed on the system is Red Hat Enterprise Linux 5
oval oval:org.mitre.oval:def:11414
comment The operating system installed on the system is CentOS Linux 5.x
oval oval:org.mitre.oval:def:15802
comment Oracle Linux 5.x
oval oval:org.mitre.oval:def:15459

description

family

unix

oval:org.mitre.oval:def:9363

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

redhat via4

rpms

httpd-0:2.2.13-2.el5s2
httpd-debuginfo-0:2.2.13-2.el5s2
httpd-devel-0:2.2.13-2.el5s2
httpd-manual-0:2.2.13-2.el5s2
mod_ssl-1:2.2.13-2.el5s2
mysql-0:5.0.84-2.el5s2
mysql-bench-0:5.0.84-2.el5s2
mysql-cluster-0:5.0.84-2.el5s2
mysql-debuginfo-0:5.0.84-2.el5s2
mysql-devel-0:5.0.84-2.el5s2
mysql-libs-0:5.0.84-2.el5s2
mysql-server-0:5.0.84-2.el5s2
mysql-test-0:5.0.84-2.el5s2
perl-DBD-MySQL-0:4.012-1.el5s2
perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2
perl-DBI-0:1.609-1.el5s2
perl-DBI-debuginfo-0:1.609-1.el5s2
php-0:5.2.10-1.el5s2
php-bcmath-0:5.2.10-1.el5s2
php-cli-0:5.2.10-1.el5s2
php-common-0:5.2.10-1.el5s2
php-dba-0:5.2.10-1.el5s2
php-debuginfo-0:5.2.10-1.el5s2
php-devel-0:5.2.10-1.el5s2
php-gd-0:5.2.10-1.el5s2
php-imap-0:5.2.10-1.el5s2
php-ldap-0:5.2.10-1.el5s2
php-mbstring-0:5.2.10-1.el5s2
php-mysql-0:5.2.10-1.el5s2
php-ncurses-0:5.2.10-1.el5s2
php-odbc-0:5.2.10-1.el5s2
php-pdo-0:5.2.10-1.el5s2
php-pear-1:1.8.1-2.el5s2
php-pgsql-0:5.2.10-1.el5s2
php-snmp-0:5.2.10-1.el5s2
php-soap-0:5.2.10-1.el5s2
php-xml-0:5.2.10-1.el5s2
php-xmlrpc-0:5.2.10-1.el5s2
postgresql-0:8.2.14-1.el5s2
postgresql-contrib-0:8.2.14-1.el5s2
postgresql-debuginfo-0:8.2.14-1.el5s2
postgresql-devel-0:8.2.14-1.el5s2
postgresql-docs-0:8.2.14-1.el5s2
postgresql-jdbc-0:8.2.510-1jpp.el5s2
postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2
postgresql-libs-0:8.2.14-1.el5s2
postgresql-plperl-0:8.2.14-1.el5s2
postgresql-plpython-0:8.2.14-1.el5s2
postgresql-pltcl-0:8.2.14-1.el5s2
postgresql-python-0:8.2.14-1.el5s2
postgresql-server-0:8.2.14-1.el5s2
postgresql-tcl-0:8.2.14-1.el5s2
postgresql-test-0:8.2.14-1.el5s2
httpd-0:2.0.46-77.ent
httpd-0:2.2.3-31.el5_4.2
httpd-debuginfo-0:2.0.46-77.ent
httpd-debuginfo-0:2.2.3-31.el5_4.2
httpd-devel-0:2.0.46-77.ent
httpd-devel-0:2.2.3-31.el5_4.2
httpd-manual-0:2.2.3-31.el5_4.2
mod_ssl-1:2.0.46-77.ent
mod_ssl-1:2.2.3-31.el5_4.2
httpd-0:2.0.52-41.ent.6
httpd-debuginfo-0:2.0.52-41.ent.6
httpd-devel-0:2.0.52-41.ent.6
httpd-manual-0:2.0.52-41.ent.6
httpd-suexec-0:2.0.52-41.ent.6
mod_ssl-1:2.0.52-41.ent.6
httpd-0:2.2.10-11.ep5.el5
httpd-debuginfo-0:2.2.10-11.ep5.el5
httpd-devel-0:2.2.10-11.ep5.el5
httpd-manual-0:2.2.10-11.ep5.el5
httpd22-0:2.2.10-25.1.ep5.el4
httpd22-apr-0:2.2.10-25.1.ep5.el4
httpd22-apr-devel-0:2.2.10-25.1.ep5.el4
httpd22-apr-util-0:2.2.10-25.1.ep5.el4
httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4
httpd22-debuginfo-0:2.2.10-25.1.ep5.el4
httpd22-devel-0:2.2.10-25.1.ep5.el4
mod_ssl-1:2.2.10-11.ep5.el5
mod_ssl22-1:2.2.10-25.1.ep5.el4
ant-0:1.6.5-1jpp_1rh
avalon-logkit-0:1.2-2jpp_4rh
axis-0:1.2.1-1jpp_3rh
classpathx-jaf-0:1.0-2jpp_6rh
classpathx-mail-0:1.1.1-2jpp_8rh
geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh
geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh
geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh
geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh
geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh
geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh
geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh
geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh
geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh
geronimo-specs-0:1.0-0.M4.1jpp_10rh
geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh
jakarta-commons-modeler-0:2.0-3jpp_2rh
log4j-0:1.2.12-1jpp_1rh
mx4j-1:3.0.1-1jpp_4rh
pcsc-lite-0:1.3.3-3.el4
pcsc-lite-debuginfo-0:1.3.3-3.el4
pcsc-lite-doc-0:1.3.3-3.el4
pcsc-lite-libs-0:1.3.3-3.el4
rhpki-ca-0:7.3.0-20.el4
rhpki-java-tools-0:7.3.0-10.el4
rhpki-kra-0:7.3.0-14.el4
rhpki-manage-0:7.3.0-19.el4
rhpki-native-tools-0:7.3.0-6.el4
rhpki-ocsp-0:7.3.0-13.el4
rhpki-tks-0:7.3.0-13.el4
tomcat5-0:5.5.23-0jpp_4rh.16
tomcat5-common-lib-0:5.5.23-0jpp_4rh.16
tomcat5-jasper-0:5.5.23-0jpp_4rh.16
tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16
tomcat5-server-lib-0:5.5.23-0jpp_4rh.16
tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16
xerces-j2-0:2.7.1-1jpp_1rh
xml-commons-0:1.3.02-2jpp_1rh
xml-commons-apis-0:1.3.02-2jpp_1rh

refmap via4

apple	APPLE-SA-2010-03-29-1
bugtraq	20091124 rPSA-2009-0155-1 httpd mod_ssl
confirm	http://support.apple.com/kb/HT4077 http://wiki.rpath.com/Advisories:rPSA-2009-0155 https://bugzilla.redhat.com/show_bug.cgi?id=522209
debian	DSA-1934
fedora	FEDORA-2009-12604 FEDORA-2009-12606
hp	HPSBMU02753 HPSBOV02506 HPSBOV02683 HPSBUX02531 SSRT090208 SSRT090244 SSRT100108 SSRT100782
misc	http://intevydis.com/vd-list.shtml
mlist	[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html [httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html [httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html [httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html [httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html [httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html [httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html [httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
secunia	37152
suse	SUSE-SA:2009:050

statements via4

contributor	Tomas Hoger
lastmodified	2009-11-12
organization	Red Hat
statement	List of the errata fixing this flaw in affected products can be found at: https://www.redhat.com/security/data/cve/CVE-2009-3095.html

Last major update

19-09-2022 - 19:50

Published

08-09-2009 - 18:30

Last modified

19-09-2022 - 19:50