Endpoint Vulnerability

Apache Httpd - low:mod_proxy_ftp FTP command injection(CVE-2009-3095)

Description

A flaw was found in the mod_proxy_ftp module. In a reverse proxy configuration, a remote attacker could use this flaw to bypass intended access restrictions by creating a carefully-crafted HTTP Authorization header, allowing the attacker to send arbitrary commands to the FTP server.

Affected Products

Apache Httpd

References

CVE-2009-3095,