5.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:N/I:N/A:C
0.973 High
EPSS
Percentile
99.8%
mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with
access control and a custom error 400 error page, allows remote attackers
to cause a denial of service (application crash) via a non-SSL request to
an SSL port, which triggers a NULL pointer dereference.