CVE-2005-3357

medium Apache
CVSS v3 Base Score
5.4
AV:N/AC:H/Au:N/C:N/I:N/A:C
EPSS Score
43.5%
Exploitation probability in 30 days
Top 2% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
High
Confidentiality
None
Integrity
None
Availability
C
Published: December 31, 2005 (7439 days ago)
Last Modified: April 16, 2026
Vendor: Apache
Source: NVD

Description

mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.

CWE

CWE-399

Affected Products

apache http server

References

🔗 patches.sgi.com 🔗 h20000.www2.hp.com 🔗 issues.apache.org 🔗 lists.apple.com 🔗 lists.suse.de