CVE-2005-3357

mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.

Published: Dec 31, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-3357
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.4
AV:N/AC:H/Au:N/C:N/I:N/A:C

CWEs:

CWE-399

Affected Software
References

Software	From	Fixed in
apache / http_server	2.0.42	2.0.42.x
apache / http_server	2.0.47	2.0.47.x
apache / http_server	2.0.50	2.0.50.x
apache / http_server	2.0.35	2.0.35.x
apache / http_server	2.0.37	2.0.37.x
apache / http_server	2.0.55	2.0.55.x
apache / http_server	2.0.44	2.0.44.x
apache / http_server	2.0.39	2.0.39.x
apache / http_server	2.0.52	2.0.52.x
apache / http_server	2.0.53	2.0.53.x
apache / http_server	2.0.51	2.0.51.x
apache / http_server	2.0.28-beta	2.0.28-beta.x
apache / http_server	2.0.41	2.0.41.x
apache / http_server	2.0.49	2.0.49.x
apache / http_server	2.0.9	2.0.9.x
apache / http_server	2.0.32	2.0.32.x
apache / http_server	2.0.38	2.0.38.x
apache / http_server	2.0.48	2.0.48.x
apache / http_server	2.0.45	2.0.45.x
apache / http_server	2.0.40	2.0.40.x
apache / http_server	2.0.36	2.0.36.x
apache / http_server	2.0.46	2.0.46.x
apache / http_server	2.0.54	2.0.54.x
apache / http_server	2.0.43	2.0.43.x
apache / http_server	2.0.28	2.0.28.x
apache / http_server	2.0	2.0.x

Vulnerability Database

290,273

CVE-2005-3357