ID de Prueba:	1.3.6.1.4.1.25623.1.0.900841
Categoría:	Denial of Service
Título:	Apache HTTP Server 'mod_proxy_ftp' Module DoS Vulnerability
Resumen:	Apache HTTP Server is prone to a Denial of Service; vulnerability.
Descripción:	Summary: Apache HTTP Server is prone to a Denial of Service vulnerability. Vulnerability Insight: The flaw is due to an error in 'ap_proxy_ftp_handler' function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module while processing responses received from FTP servers. This can be exploited to trigger a NULL-pointer dereference and crash an Apache child process via a malformed EPSV response. Vulnerability Impact: Successful exploitation could allow remote attackers to cause a Denial of Service (DoS) in the context of the affected application. Affected Software/OS: Apache HTTP Server version 2.0.x through 2.0.63 and 2.2.x through 2.2.13 running mod_proxy. Solution: Update to Apache HTTP Server version 2.0.64, 2.2.14 or later. CVSS Score: 2.6 CVSS Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P
Referencia Cruzada:	BugTraq ID: 36260 Common Vulnerability Exposure (CVE) ID: CVE-2009-3094 AIX APAR: PK96858 http://www-01.ibm.com/support/docview.wss?uid=swg1PK96858 AIX APAR: PM09161 http://www-01.ibm.com/support/docview.wss?uid=swg1PM09161 Bugtraq: 20091124 rPSA-2009-0155-1 httpd mod_ssl (Google Search) http://www.securityfocus.com/archive/1/508075/100/0/threaded Debian Security Information: DSA-1934 (Google Search) http://www.debian.org/security/2009/dsa-1934 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html HPdes Security Advisory: HPSBMU02753 http://marc.info/?l=bugtraq&m=133355494609819&w=2 HPdes Security Advisory: HPSBOV02506 http://marc.info/?l=bugtraq&m=126998684522511&w=2 HPdes Security Advisory: HPSBUX02531 http://marc.info/?l=bugtraq&m=127557640302499&w=2 HPdes Security Advisory: SSRT090244 HPdes Security Advisory: SSRT100108 HPdes Security Advisory: SSRT100782 http://intevydis.com/vd-list.shtml http://www.intevydis.com/blog/?p=59 https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10981 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8087 http://secunia.com/advisories/36549 http://secunia.com/advisories/37152 SuSE Security Announcement: SUSE-SA:2009:050 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html http://www.vupen.com/english/advisories/2010/0609
Copyright	Copyright (C) 2009 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.