CVE-2005-3357

Severity Score

5.4

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.

*Credits: N/A

CVSS Scores

NISTv2 5.4

Attack Vector

Network

Attack Complexity

High

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2005-10-27 CVE Reserved
2005-12-31 CVE Published
2024-04-27 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-399: Resource Management Errors

CAPEC

References (68)

URL	Tag	Source
http://issues.apache.org/bugzilla/show_bug.cgi?id=37791	X_refsource_confirm
http://securitytracker.com/id?1015447	Vdb Entry
http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm	X_refsource_confirm
http://svn.apache.org/viewcvs?rev=358026&view=rev	X_refsource_misc
http://www.securityfocus.com/bid/16152	Vdb Entry
http://www.us-cert.gov/cas/techalerts/TA08-150A.html	Third Party Advisory
http://www.vupen.com/english/advisories/2006/3920	Vdb Entry
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117	X_refsource_confirm
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11467	Signature

URL	Date	SRC

URL	Date	SRC
http://rhn.redhat.com/errata/RHSA-2006-0159.html	2023-02-13
http://secunia.com/advisories/18307	2023-02-13
http://secunia.com/advisories/18333	2023-02-13
http://secunia.com/advisories/18339	2023-02-13
http://secunia.com/advisories/18340	2023-02-13
http://secunia.com/advisories/18429	2023-02-13
http://secunia.com/advisories/18517	2023-02-13
http://secunia.com/advisories/18585	2023-02-13
http://secunia.com/advisories/18743	2023-02-13
http://www.gentoo.org/security/en/glsa/glsa-200602-03.xml	2023-02-13
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00060.html	2023-02-13
http://www.trustix.org/errata/2005/0074	2023-02-13

URL	Date	SRC
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U	2023-02-13
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449	2023-02-13
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html	2023-02-13
http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html	2023-02-13
http://marc.info/?l=bugtraq&m=130497311408250&w=2	2023-02-13
http://secunia.com/advisories/19012	2023-02-13
http://secunia.com/advisories/21848	2023-02-13
http://secunia.com/advisories/22233	2023-02-13
http://secunia.com/advisories/22368	2023-02-13
http://secunia.com/advisories/22523	2023-02-13
http://secunia.com/advisories/22669	2023-02-13
http://secunia.com/advisories/22992	2023-02-13
http://secunia.com/advisories/23260	2023-02-13
http://secunia.com/advisories/29849	2023-02-13
http://secunia.com/advisories/30430	2023-02-13
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102640-1	2023-02-13
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102662-1	2023-02-13
http://www.securityfocus.com/archive/1/425399/100/0/threaded	2023-02-13
http://www.securityfocus.com/archive/1/445206/100/0/threaded	2023-02-13
http://www.securityfocus.com/archive/1/450315/100/0/threaded	2023-02-13
http://www.ubuntulinux.org/usn/usn-241-1	2023-02-13
http://www.vupen.com/english/advisories/2006/0056	2023-02-13
http://www.vupen.com/english/advisories/2006/3995	2023-02-13
http://www.vupen.com/english/advisories/2006/4207	2023-02-13
http://www.vupen.com/english/advisories/2006/4300	2023-02-13
http://www.vupen.com/english/advisories/2006/4868	2023-02-13
http://www.vupen.com/english/advisories/2008/1246/references	2023-02-13
http://www.vupen.com/english/advisories/2008/1697	2023-02-13
https://lists.opensuse.org/opensuse-security-announce/2006-09/msg00016.html	2023-02-13
https://access.redhat.com/security/cve/CVE-2005-3357	2006-01-05
https://bugzilla.redhat.com/show_bug.cgi?id=1617818	2006-01-05

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0 Search vendor "Apache" for product "Http Server" and version "2.0"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.9 Search vendor "Apache" for product "Http Server" and version "2.0.9"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.28 Search vendor "Apache" for product "Http Server" and version "2.0.28"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.28 Search vendor "Apache" for product "Http Server" and version "2.0.28"		beta		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.32 Search vendor "Apache" for product "Http Server" and version "2.0.32"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.35 Search vendor "Apache" for product "Http Server" and version "2.0.35"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.36 Search vendor "Apache" for product "Http Server" and version "2.0.36"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.37 Search vendor "Apache" for product "Http Server" and version "2.0.37"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.38 Search vendor "Apache" for product "Http Server" and version "2.0.38"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.39 Search vendor "Apache" for product "Http Server" and version "2.0.39"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.40 Search vendor "Apache" for product "Http Server" and version "2.0.40"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.41 Search vendor "Apache" for product "Http Server" and version "2.0.41"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.42 Search vendor "Apache" for product "Http Server" and version "2.0.42"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.43 Search vendor "Apache" for product "Http Server" and version "2.0.43"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.44 Search vendor "Apache" for product "Http Server" and version "2.0.44"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.45 Search vendor "Apache" for product "Http Server" and version "2.0.45"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.46 Search vendor "Apache" for product "Http Server" and version "2.0.46"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.47 Search vendor "Apache" for product "Http Server" and version "2.0.47"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.48 Search vendor "Apache" for product "Http Server" and version "2.0.48"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.49 Search vendor "Apache" for product "Http Server" and version "2.0.49"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.50 Search vendor "Apache" for product "Http Server" and version "2.0.50"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.51 Search vendor "Apache" for product "Http Server" and version "2.0.51"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.52 Search vendor "Apache" for product "Http Server" and version "2.0.52"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.53 Search vendor "Apache" for product "Http Server" and version "2.0.53"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.54 Search vendor "Apache" for product "Http Server" and version "2.0.54"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				2.0.55 Search vendor "Apache" for product "Http Server" and version "2.0.55"		-		Affected