CVE-2005-3357
CVE-2005-3357
mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-Uhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449http://issues.apache.org/bugzilla/show_bug.cgi?id=37791http://lists.apple.com/archives/security-announce/2008//May/msg00001.htmlhttp://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.htmlhttp://marc.info/?l=bugtraq&m=130497311408250&w=2http://rhn.redhat.com/errata/RHSA-2006-0159.htmlhttp://secunia.com/advisories/18307http://secunia.com/advisories/18333http://secunia.com/advisories/18339http://secunia.com/advisories/18340http://secunia.com/advisories/18429