CVE-2005-3357 — Apache Http Server vulnerability

CWE-39912 documents9 sources

Severity

5.4MEDIUMNVD

EPSS

43.5%

top 2.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Http Server

Timeline

PublishedDec 31

Latest updateMay 3

Description

mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.

CVSS vector

AV:N/AC:H/C:N/I:N/A:CExploitability: 4.9 | Impact: 6.9

Affected Packages1 packages

▶NVDapache/http_server25 versions+24

Patches

Patch: rhn.redhat.com ↗Patch: secunia.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-6c36-v393-c32c: mod_ssl in Apache 2↗2022-05-03

▶

CVEList

CVE-2005-3357: mod_ssl in Apache 2↗2006-01-06

▶

OSV

CVE-2005-3357: mod_ssl in Apache 2↗2005-12-31

▶

📋Vendor Advisories

Ubuntu

Apache vulnerabilities↗2006-01-13

▶

Red Hat

security flaw↗2005-12-05

▶

Debian

CVE-2005-3357: apache2 - mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with acces...↗2005

▶

Apache

Apache httpd: CVE-2005-3357↗

▶

💬Community

Bugzilla

CVE-2005-3357 security flaw↗2018-08-16

▶

Bugzilla

CVE-2005-3357 mod_ssl crash in FC5test2↗2006-01-16

▶

Bugzilla

CVE-2005-3357 mod_ssl crash↗2005-12-14

▶

Bugzilla

CVE-2005-2970, CVE-2005-3352, CVE-2005-3357 Apache httpd multiple security issues↗2005-12-09

▶