Apache Httpd < None: mod_ssl access control DoS

Type httpd
Reporter Apache Team Foundation
Modified 2005-12-12T00:00:00


A NULL pointer dereference flaw in mod_ssl was discovered affecting server configurations where an SSL virtual host is configured with access control and a custom 400 error document. A remote attacker could send a carefully crafted request to trigger this issue which would lead to a crash. This crash would only be a denial of service if using the worker MPM.