Descriptionmod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
SUSE Security Advisories:
- SUSE-SA:2006:051, published Fri, 08 Sep 2006 16:00:00 +0000
- SUSE-SR:2006:004, published Fri, 24 Feb 2006 16:00:00 +0000
List of released packages
|Product(s)||Fixed package version(s)||References|
|openSUSE Tumbleweed|| ||Patchnames: |
openSUSE Tumbleweed GA apache2-2.4.49-1.1
SUSE Timeline for this CVECVE page created: Fri Jun 28 02:09:59 2013
CVE page last modified: Mon Feb 13 11:21:16 2023