National Cyber-Alert System
Vulnerability Summary for CVE-2005-3357
Original release date:12/31/2005
Last revised:09/05/2008
Source:
US-CERT/NIST
Overview
mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
Impact
CVSS Severity (version 2.0):
Impact Subscore:
6.9
Exploitability Subscore:
4.9
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: High
Authentication: Not required to exploit
Impact Type:Allows disruption of serviceUnknown
- Official Statement from Apache (07/02/2008)
-
Fixed in Apache HTTP Server 2.2.2 and 2.0.58 http://httpd.apache.org/security/vulnerabilities_22.html
http://httpd.apache.org/security/vulnerabilities_20.html
References to Advisories, Solutions, and Tools
By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.
US-CERT Technical Alert: TA08-150A
Name: TA08-150A
External Source: TRUSTIX
Name: TSLSA-2005-0074
Type: Advisory; Patch Information
External Source: FEDORA
Name: FLSA-2006:175406
Type: Advisory; Patch Information
External Source: FEDORA
Name: FEDORA-2006-052
Type: Patch Information
External Source: GENTOO
Name: GLSA-200602-03
Type: Advisory; Patch Information
External Source: VUPEN
Name: ADV-2006-0056
Type: Advisory; Patch Information
External Source: SECUNIA
Name: 18743
Type: Advisory; Patch Information
External Source: SECUNIA
Name: 18585
Type: Advisory; Patch Information
External Source: SECUNIA
Name: 18517
Type: Advisory; Patch Information
External Source: SECUNIA
Name: 18429
Type: Advisory; Patch Information
External Source: SECUNIA
Name: 18340
Type: Advisory; Patch Information
External Source: SECUNIA
Name: 18339
Type: Advisory; Patch Information
External Source: SECUNIA
Name: 18333
Type: Advisory; Patch Information
External Source: SECUNIA
Name: 18307
Type: Advisory; Patch Information
External Source: REDHAT
Name: RHSA-2006:0159
Type: Advisory; Patch Information
External Source: UBUNTU
Name: USN-241-1
External Source: BID
Name: 16152
External Source: MISC
Name: http://svn.apache.org/viewcvs?rev=358026&view=rev
External Source: SECTRACK
Name: 1015447
External Source: SECUNIA
Name: 19012
Type: Advisory
External Source: SUSE
Name: SUSE-SR:2006:004
Type: Advisory
External Source: CONFIRM
Name: http://issues.apache.org/bugzilla/show_bug.cgi?id=37791
External Source: SGI
Name: 20060101-01-U
External Source: CONFIRM
Name: http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117
External Source: HP
Name: SSRT061269
External Source: HP
Name: HPSBUX02145
External Source: SUSE
Name: SUSE-SA:2006:051
External Source: VUPEN
Name: ADV-2008-1697
External Source: VUPEN
Name: ADV-2008-1246
External Source: VUPEN
Name: ADV-2006-4868
External Source: VUPEN
Name: ADV-2006-4300
External Source: VUPEN
Name: ADV-2006-4207
External Source: VUPEN
Name: ADV-2006-3995
External Source: VUPEN
Name: ADV-2006-3920
External Source: CONFIRM
Name: http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm
External Source: SUNALERT
Name: 102662
External Source: SUNALERT
Name: 102640
External Source: SECUNIA
Name: 30430
External Source: SECUNIA
Name: 29849
External Source: SECUNIA
Name: 23260
External Source: SECUNIA
Name: 22992
External Source: SECUNIA
Name: 22669
External Source: SECUNIA
Name: 22523
External Source: SECUNIA
Name: 22368
External Source: SECUNIA
Name: 22233
External Source: SECUNIA
Name: 21848
External Source: SUSE
Name: SuSE-SA:2006:051
External Source: APPLE
Name: APPLE-SA-2008-05-28
External Source: HP
Name: HPSBMA02328