Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The host is running Apache and is prone to Denial of Service vulnerability.
Insight
Insight
The flaw is due to an error in 'ap_proxy_ftp_handler' function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module while processing responses received from FTP servers. This can be exploited to trigger a NULL-pointer dereference and crash an Apache child process via a malformed EPSV response.
Affected Software
Affected Software
Apache HTTP Server version 2.0.x to 2.0.63 and and 2.2.x to 2.2.13 on Linux.
Solution
Solution
Upgrade to Apache HTTP Server version 2.2.15 or later.
Common Vulnerabilities and Exposures (CVE)
Scan your vulnerabilities for free. Start using Mageni today.
Mageni can help you to find, assess and manage your vulnerabilities.
Get Started for Free