CVE ID
CVE-2009-3095
DESCRIPTION
A flaw was found in the mod_proxy_ftp module. In a reverse proxy configuration, a remote attacker could use this flaw to bypass intended access restrictions by creating a carefully crafted HTTP Authorization header, allowing the attacker to send arbitrary commands to the FTP server.
Severity: low
Unitrends is not vulnerable. Unitrends does not enable or configure an FTP server, and also does not load any mod_proxy modules for HTTP.
RESOLUTION
Fixed in:
- CentOS6 systems come with httpd-2.2.15-30 which contains the fix.
- For CentOS5, httpd-2.2.3-31.el5_4.2 or later has this fix.
- Upstream Apache httpd 2.2.14
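
To confirm the same two conditions on another host (whether mod_proxy_ftp is loaded, and whether httpd is at a fixed version), the following is an added example, not Unitrends or Apache code. The function names and the sample module lists are constructed for illustration, and the version comparison relies on GNU `sort -V`, which approximates RPM ordering rather than implementing it fully.

```shell
#!/bin/sh
# Added example: exposure check for CVE-2009-3095 (hypothetical helper names).

# Return 0 if the module list on stdin (format of `httpd -M`) includes
# mod_proxy_ftp.
proxy_ftp_loaded() {
    grep -Eq '^[[:space:]]*proxy_ftp_module([[:space:]]|$)'
}

# Return 0 if version $1 is at or above fixed version $2.
# Assumption: GNU `sort -V` ordering is close enough to RPM ordering for
# httpd version-release strings; it is not a full rpmvercmp.
version_at_least() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# Classify a host. $1 = installed version, $2 = fixed version,
# stdin = module list.
assess() {
    if ! proxy_ftp_loaded; then
        echo "not-exposed: mod_proxy_ftp not loaded"
    elif version_at_least "$1" "$2"; then
        echo "patched: mod_proxy_ftp loaded, $1 >= $2"
    else
        echo "vulnerable: mod_proxy_ftp loaded, $1 < $2"
    fi
}

# Constructed samples of `httpd -M` output.
SAMPLE_WITH_FTP='Loaded Modules:
 core_module (static)
 proxy_module (shared)
 proxy_ftp_module (shared)
Syntax OK'
SAMPLE_NO_PROXY='Loaded Modules:
 core_module (static)
 ssl_module (shared)
Syntax OK'

# Fixed versions below are the ones listed under RESOLUTION.
printf '%s\n' "$SAMPLE_NO_PROXY" | assess 2.2.3-22.el5 2.2.3-31.el5_4.2
printf '%s\n' "$SAMPLE_WITH_FTP" | assess 2.2.3-22.el5 2.2.3-31.el5_4.2
printf '%s\n' "$SAMPLE_WITH_FTP" | assess 2.2.14 2.2.14
```

On a live CentOS host, feed it real data with `httpd -M 2>&1 | assess "$(rpm -q --qf '%{VERSION}-%{RELEASE}' httpd)" 2.2.3-31.el5_4.2`, substituting the fixed version for the release in use.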