Apache Httpd < None: mod_proxy_ftp FTP command injection

2009-09-03T00:00:00
ID HTTPD:5BAD9B11C0028C7342D6BDDB6A6FC575
Type httpd
Reporter Apache Team Foundation
Modified 2009-09-03T00:00:00

Description

A flaw was found in the mod_proxy_ftp module. In a reverse proxy configuration, a remote attacker could use this flaw to bypass intended access restrictions by creating a carefully-crafted HTTP Authorization header, allowing the attacker to send arbitrary commands to the FTP server.