MDVSA-2009:240 -- Mandriva apache | ID: oval:org.secpod.oval:def:300451 | Date: (C)2012-01-07 (M)2024-02-19 |
Class: PATCH | Family: unix |
Multiple vulnerabilities were discovered and corrected in apache: The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service via a malformed reply to an EPSV command. The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. This update provides a solution to these vulnerabilities.
Platform: |
Mandriva Linux 2009.0 |
Mandriva Linux 2009.1 |
Mandriva Linux 2008.1 |