Apache Httpd < None: mod_ssl access control DoS

2005-12-05T00:00:00
ID HTTPD:F7679CE4C32DE86477AA13FB89AE6D5F
Type httpd
Reporter Apache Team Foundation
Modified 2005-12-12T00:00:00

Description

A NULL pointer dereference flaw in mod_ssl was discovered affecting server configurations where an SSL virtual host is configured with access control and a custom 400 error document. A remote attacker could send a carefully crafted request to trigger this issue which would lead to a crash. This crash would only be a denial of service if using the worker MPM.