CVE-2005-3357 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2005-3357
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2005-3357

Description: mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.

CVE Status: Candidate

References: UBUNTU http://www.ubuntulinux.org/usn/usn-241-1 TRUSTIX http://www.trustix.org/errata/2005/0074/ SUSE http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html http://lists.suse.com/archive/suse-security-announce/2006-Sep/0004.html http://www.novell.com/linux/security/advisories/2006_51_apache.html SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-102640-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102662-1 ST 1015447 SGI SAID Secunia Advisory: SA18339 Secunia Advisory: SA18333 Secunia Advisory: SA18340 Secunia Advisory: SA18307 Secunia Advisory: SA18429 Secunia Advisory: SA18585 Secunia Advisory: SA18517 Secunia Advisory: SA18743 Secunia Advisory: SA19012 Secunia Advisory: SA21848 Secunia Advisory: SA22233 Secunia Advisory: SA22368 Secunia Advisory: SA22523 Secunia Advisory: SA22669 Secunia Advisory: SA23260 Secunia Advisory: SA22992 Secunia Advisory: SA29849 Secunia Advisory: SA30430 REDHAT http://rhn.redhat.com/errata/RHSA-2006-0159.html MISC http://svn.apache.org/viewcvs?rev=358026&view=rev HP http://www.securityfocus.com/archive/1/archive/1/450315/100/0/threaded http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449 http://www.securityfocus.com/archive/1/archive/1/445206/100/0/threaded GENTOO http://www.gentoo.org/security/en/glsa/glsa-200602-03.xml FEDORA http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00060.html http://www.securityfocus.com/archive/1/archive/1/425399/100/0/threaded CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117 http://issues.apache.org/bugzilla/show_bug.cgi?id=37791 CERT http://www.us-cert.gov/cas/techalerts/TA08-150A.html BID 16152 APPLE http://lists.apple.com/archives/security-announce/2008//May/msg00001.html

Return to the previous page.