Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3357

Overview

Vulnerability Score 5.4 5.4
CVE Id CVE-2005-3357
Last Modified 21 Sep 2011 12:00:00
Published 31 Dec 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2005-3357

Summary

mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.

Vulnerable Systems

Application

  • Apache Http Server 2.0

  • Apache Http Server 2.0.28

  • Apache Http Server 2.0.32

  • Apache Http Server 2.0.35

  • Apache Http Server 2.0.36

  • Apache Http Server 2.0.37

  • Apache Http Server 2.0.38

  • Apache Http Server 2.0.39

  • Apache Http Server 2.0.40

  • Apache Http Server 2.0.41

  • Apache Http Server 2.0.42

  • Apache Http Server 2.0.43

  • Apache Http Server 2.0.44

  • Apache Http Server 2.0.45

  • Apache Http Server 2.0.46

  • Apache Http Server 2.0.47

  • Apache Http Server 2.0.48

  • Apache Http Server 2.0.49

  • Apache Http Server 2.0.50

  • Apache Http Server 2.0.51

  • Apache Http Server 2.0.52

  • Apache Http Server 2.0.53

  • Apache Http Server 2.0.54

  • Apache Http Server 2.0.55

  • Apache Http Server 2.0.9


References

CERT - TA08-150A

TRUSTIX - TSLSA-2005-0074

FEDORA - FLSA-2006:175406

FEDORA - FEDORA-2006-052

GENTOO - GLSA-200602-03

SECUNIA - 18743

SECUNIA - 18585

SECUNIA - 18517

SECUNIA - 18429

SECUNIA - 18340

SECUNIA - 18339

SECUNIA - 18333

SECUNIA - 18307

REDHAT - RHSA-2006:0159

CONFIRM - http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117

VUPEN - ADV-2008-1697

VUPEN - ADV-2008-1246

VUPEN - ADV-2006-4868

VUPEN - ADV-2006-4300

VUPEN - ADV-2006-4207

VUPEN - ADV-2006-3995

VUPEN - ADV-2006-3920

VUPEN - ADV-2006-0056

UBUNTU - USN-241-1

BID - 16152

HP - SSRT061269

HP - HPSBUX02172

HP - SSRT061202

HP - HPSBUX02145

SUSE - SUSE-SA:2006:051

MISC - http://svn.apache.org/viewcvs?rev=358026&view=rev

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm

SUNALERT - 102662

SUNALERT - 102640

SECTRACK - 1015447

SECUNIA - 30430

SECUNIA - 29849

SECUNIA - 23260

SECUNIA - 22992

SECUNIA - 22669

SECUNIA - 22523

SECUNIA - 22368

SECUNIA - 22233

SECUNIA - 21848

SECUNIA - 19012

HP - SSRT090208

HP - HPSBOV02683

SUSE - SUSE-SR:2006:004

SUSE - SuSE-SA:2006:051

APPLE - APPLE-SA-2008-05-28

CONFIRM - http://issues.apache.org/bugzilla/show_bug.cgi?id=37791

HP - HPSBMA02328

SGI - 20060101-01-U

HP - SSRT071293

Related Patches

Apple 2008-05-28 Security Update 2008-003 (PPC)

Apple 2008-05-28 Security Update 2008-003 Server (PPC)

Apple 2008-05-28 Security Update 2008-003 (Intel)

Apple 2008-05-28 Security Update 2008-003 Server (Universal)


Last Updated: 27 May 2016 10:42:34