Lucene search

K
cve[email protected]CVE-2005-3357
HistoryDec 31, 2005 - 5:00 a.m.

CVE-2005-3357

2005-12-3105:00:00
CWE-399
web.nvd.nist.gov
62
21
cve-2005-3357
mod_ssl
apache 2.0
denial of service
application crash
null pointer dereference
ssl vulnerability

6.2 Medium

AI Score

Confidence

Low

5.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:N/I:N/A:C

0.973 High

EPSS

Percentile

99.8%

mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.

References

Social References

More

6.2 Medium

AI Score

Confidence

Low

5.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:N/I:N/A:C

0.973 High

EPSS

Percentile

99.8%