Vulnerability DatabaseCVE-2005-3357
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2005-3357
January 06, 2006
mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
Related Resources (67)
http://issues.apache.org/bugzilla/show_bug.cgi?id=37791
http://secunia.com/advisories/18743
http://www.trustix.org/errata/2005/0074/
https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E
http://secunia.com/advisories/30430
http://secunia.com/advisories/18333
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00060.html
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
http://www.securityfocus.com/archive/1/450315/100/0/threaded
http://www.vupen.com/english/advisories/2008/1246/references
http://www.vupen.com/english/advisories/2006/4868
http://www.vupen.com/english/advisories/2006/3920
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117
http://secunia.com/advisories/29849
http://secunia.com/advisories/22233
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102662-1
https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E
http://secunia.com/advisories/22669
http://secunia.com/advisories/19012
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
http://secunia.com/advisories/18429
http://www.securityfocus.com/bid/16152
http://secunia.com/advisories/18517
http://secunia.com/advisories/23260
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
http://marc.info/?l=bugtraq&m=130497311408250&w=2
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102640-1
http://secunia.com/advisories/21848
http://www.ubuntulinux.org/usn/usn-241-1
http://www.us-cert.gov/cas/techalerts/TA08-150A.html
https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E
http://www.securityfocus.com/archive/1/445206/100/0/threaded
http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html
http://www.vupen.com/english/advisories/2006/4207
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
http://secunia.com/advisories/18585
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
http://www.gentoo.org/security/en/glsa/glsa-200602-03.xml
http://www.vupen.com/english/advisories/2006/0056
http://www.vupen.com/english/advisories/2006/4300
https://lists.opensuse.org/opensuse-security-announce/2006-09/msg00016.html
http://www.securityfocus.com/archive/1/425399/100/0/threaded
http://securitytracker.com/id?1015447
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
http://secunia.com/advisories/18339
https://people.canonical.com/~ubuntu-security/cve/CVE-2005-3357
http://secunia.com/advisories/22992
http://secunia.com/advisories/22368
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
http://svn.apache.org/viewcvs?rev=358026&view=rev
http://secunia.com/advisories/18340
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
http://secunia.com/advisories/22523
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
http://rhn.redhat.com/errata/RHSA-2006-0159.html
http://www.vupen.com/english/advisories/2006/3995
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
http://secunia.com/advisories/18307
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E
http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm
http://www.vupen.com/english/advisories/2008/1697
https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11467
Do you need more information?
Contact Us
CVSS v4
Base Score:
8.2
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH
CVSS v2
Base Score:
5.4
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
EPSS
Base Score:
43.46