Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
Information
Severity
Severity
Low
Family
Family
Denial of Service
CVSSv2 Base
CVSSv2 Base
2.6
CVSSv2 Vector
CVSSv2 Vector
AV:N/AC:H/Au:N/C:N/I:N/A:P
Solution Type
Solution Type
Vendor Patch
Created
Created
14 years ago
Modified
Modified
4 years ago
Summary
The host is running Apache and is prone to Denial of Service vulnerability.
Insight
Insight
The flaw is due to an error in 'ap_proxy_ftp_handler' function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module while processing responses received from FTP servers. This can be exploited to trigger a NULL-pointer dereference and crash an Apache child process via a malformed EPSV response.
Affected Software
Affected Software
Apache HTTP Server version 2.0.x to 2.0.63 and and 2.2.x to 2.2.13 on Linux.
Solution
Solution
Upgrade to Apache HTTP Server version 2.2.15 or later.