CVE-2005-3357

Severity

54%

Complexity

49%

Confidentiality

115%

mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.

mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.

CVSS 2.0 Base Score 5.4. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (AV:N/AC:H/Au:N/C:N/I:N/A:C).

Overview

First reported 19 years ago

2005-12-31 05:00:00

Last updated 6 years ago

2018-10-19 15:36:00

Affected Software

Apache Software Foundation Apache HTTP Server 2.0

2.0

Apache Software Foundation Apache HTTP Server 2.0.9a

2.0.9

Apache Software Foundation Apache HTTP Server 2.0.28

2.0.28

Apache Software Foundation Apache HTTP Server 2.0.28 Beta

2.0.28

Apache Software Foundation Apache HTTP Server 2.0.32

2.0.32

Apache Software Foundation Apache HTTP Server 2.0.35

2.0.35

Apache Software Foundation Apache HTTP Server 2.0.36

2.0.36

Apache Software Foundation Apache HTTP Server 2.0.37

2.0.37

Apache Software Foundation Apache HTTP Server 2.0.38

2.0.38

Apache Software Foundation Apache HTTP Server 2.0.39

2.0.39

Apache Software Foundation Apache HTTP Server 2.0.40

2.0.40

Apache Software Foundation Apache HTTP Server 2.0.41

2.0.41

Apache Software Foundation Apache HTTP Server 2.0.42

2.0.42

Apache Software Foundation Apache HTTP Server 2.0.43

2.0.43

Apache Software Foundation Apache HTTP Server 2.0.44

2.0.44

Apache Software Foundation Apache HTTP Server 2.0.45

2.0.45

Apache Software Foundation Apache HTTP Server 2.0.46

2.0.46

Apache Software Foundation Apache HTTP Server 2.0.47

2.0.47

Apache Software Foundation Apache HTTP Server 2.0.48

2.0.48

Apache Software Foundation Apache HTTP Server 2.0.49

2.0.49

Apache Software Foundation Apache HTTP Server 2.0.50

2.0.50

Apache Software Foundation Apache HTTP Server 2.0.51

2.0.51

Apache Software Foundation Apache HTTP Server 2.0.52

2.0.52

Apache Software Foundation Apache HTTP Server 2.0.53

2.0.53

Apache Software Foundation Apache HTTP Server 2.0.54

2.0.54

Apache Software Foundation Apache HTTP Server 2.0.55

2.0.55

References

20060101-01-U

SSRT071293

http://issues.apache.org/bugzilla/show_bug.cgi?id=37791

APPLE-SA-2008-05-28

SUSE-SR:2006:004

Vendor Advisory

SSRT090208

RHSA-2006:0159

Patch, Vendor Advisory

18307

Patch, Vendor Advisory

18333

Patch, Vendor Advisory

18339

Patch, Vendor Advisory

18340

Patch, Vendor Advisory

18429

Patch, Vendor Advisory

18517

Patch, Vendor Advisory

18585

Patch, Vendor Advisory

18743

Patch, Vendor Advisory

19012

Vendor Advisory

21848

Vendor Advisory

22233

Vendor Advisory

22368

Vendor Advisory

22523

Vendor Advisory

22669

Vendor Advisory

22992

Vendor Advisory

23260

Vendor Advisory

29849

Vendor Advisory

30430

Vendor Advisory

1015447

102640

102662

http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm

http://svn.apache.org/viewcvs?rev=358026&view=rev

GLSA-200602-03

Patch, Vendor Advisory

FEDORA-2006-052

Patch

FLSA-2006:175406

HPSBUX02145

SSRT061269

16152

TSLSA-2005-0074

Patch, Vendor Advisory

USN-241-1

TA08-150A

US Government Resource

ADV-2006-0056

Vendor Advisory

ADV-2006-3920

ADV-2006-3995

Vendor Advisory

ADV-2006-4207

Vendor Advisory

ADV-2006-4300

Vendor Advisory

ADV-2006-4868

Vendor Advisory

ADV-2008-1246

Vendor Advisory

ADV-2008-1697

Vendor Advisory

http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117

[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

SuSE-SA:2006:051

oval:org.mitre.oval:def:11467

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.