CVE-2005-3357 | Date: (C)2005-12-31 (M)2023-12-22 |
mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
CVSS Score and Metrics +CVSS Score and Metrics -CVSS V2 Severity: |
CVSS Score : 5.4 |
Exploit Score: 4.9 |
Impact Score: 6.9 |
|
CVSS V2 Metrics: |
Access Vector: NETWORK |
Access Complexity: HIGH |
Authentication: NONE |
Confidentiality: NONE |
Integrity: NONE |
Availability: COMPLETE |
| |