CVE-2005-3357
CVE-2005-3357 is a vulnerability of currently unknown severity. mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference. EPSS estimates a 24.29% chance of exploitation in the next 30 days.
Description
mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apache | HTTP Server | 2.0 |
| Apache | HTTP Server | 2.0.9 |
| Apache | HTTP Server | 2.0.28 |
| Apache | HTTP Server | 2.0.32 |
| Apache | HTTP Server | 2.0.35 |
| Apache | HTTP Server | 2.0.36 |
| Apache | HTTP Server | 2.0.37 |
| Apache | HTTP Server | 2.0.38 |
| Apache | HTTP Server | 2.0.39 |
| Apache | HTTP Server | 2.0.40 |
| Apache | HTTP Server | 2.0.41 |
| Apache | HTTP Server | 2.0.42 |
| Apache | HTTP Server | 2.0.43 |
| Apache | HTTP Server | 2.0.44 |
| Apache | HTTP Server | 2.0.45 |
| Apache | HTTP Server | 2.0.46 |
| Apache | HTTP Server | 2.0.47 |
| Apache | HTTP Server | 2.0.48 |
| Apache | HTTP Server | 2.0.49 |
| Apache | HTTP Server | 2.0.50 |
| Apache | HTTP Server | 2.0.51 |
| Apache | HTTP Server | 2.0.52 |
| Apache | HTTP Server | 2.0.53 |
| Apache | HTTP Server | 2.0.54 |
| Apache | HTTP Server | 2.0.55 |
References
- http://rhn.redhat.com/errata/RHSA-2006-0159.html (Patch, Vendor Advisory)
- http://secunia.com/advisories/18307 (Patch, Vendor Advisory)
- http://secunia.com/advisories/18333 (Patch, Vendor Advisory)
- http://secunia.com/advisories/18339 (Patch, Vendor Advisory)
- http://secunia.com/advisories/18340 (Patch, Vendor Advisory)
- http://secunia.com/advisories/18429 (Patch, Vendor Advisory)
- http://secunia.com/advisories/18517 (Patch, Vendor Advisory)
- http://secunia.com/advisories/18585 (Patch, Vendor Advisory)
- http://secunia.com/advisories/18743 (Patch, Vendor Advisory)
- http://secunia.com/advisories/19012 (Vendor Advisory)
- http://secunia.com/advisories/21848 (Vendor Advisory)
- http://secunia.com/advisories/22233 (Vendor Advisory)
- http://secunia.com/advisories/22368 (Vendor Advisory)
- http://secunia.com/advisories/22523 (Vendor Advisory)
- http://secunia.com/advisories/22669 (Vendor Advisory)
- http://secunia.com/advisories/22992 (Vendor Advisory)
- http://secunia.com/advisories/23260 (Vendor Advisory)
- http://secunia.com/advisories/29849 (Vendor Advisory)
- http://secunia.com/advisories/30430 (Vendor Advisory)
- http://www.gentoo.org/security/en/glsa/glsa-200602-03.xml (Patch, Vendor Advisory)
- http://www.trustix.org/errata/2005/0074/ (Patch, Vendor Advisory)
- http://www.us-cert.gov/cas/techalerts/TA08-150A.html (US Government Resource)
- http://www.vupen.com/english/advisories/2006/0056 (Vendor Advisory)
- http://www.vupen.com/english/advisories/2006/3995 (Vendor Advisory)
- http://www.vupen.com/english/advisories/2006/4207 (Vendor Advisory)
- http://www.vupen.com/english/advisories/2006/4300 (Vendor Advisory)
- http://www.vupen.com/english/advisories/2006/4868 (Vendor Advisory)
- http://www.vupen.com/english/advisories/2008/1246/references (Vendor Advisory)
- http://www.vupen.com/english/advisories/2008/1697 (Vendor Advisory)
Source: NVD / NIST
