Upstream information
Description
mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
National Vulnerability Database | |
---|---|
Base Score | 5.4 |
Vector | AV:N/AC:H/Au:N/C:N/I:N/A:C |
Access Vector | Network |
Access Complexity | High |
Authentication | None |
Confidentiality Impact | None |
Integrity Impact | None |
Availability Impact | Complete |
SUSE Security Advisories:
- SUSE-SA:2006:051, published Fri, 08 Sep 2006 16:00:00 +0000
- SUSE-SR:2006:004, published Fri, 24 Feb 2006 16:00:00 +0000
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
openSUSE Tumbleweed |
| Patchnames: openSUSE Tumbleweed GA apache2-2.4.49-1.1 |
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 02:09:59 2013CVE page last modified: Mon Feb 13 11:21:16 2023