Upstream information

CVE-2005-3357 at MITRE

Description

mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 5.4
Vector AV:N/AC:H/Au:N/C:N/I:N/A:C
Access Vector Network
Access Complexity High
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Complete
SUSE Bugzilla entries: 138083 [RESOLVED / FIXED], 142338 [NEW], 186167 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE Tumbleweed
  • apache2 >= 2.4.49-1.1
Patchnames:
openSUSE Tumbleweed GA apache2-2.4.49-1.1


SUSE Timeline for this CVE

CVE page created: Fri Jun 28 02:09:59 2013
CVE page last modified: Fri Dec 8 16:14:09 2023