CVE-2005-3357 | AttackerKB

Description

mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

apache

Products

http server 2.0,
http server 2.0.28,
http server 2.0.32,
http server 2.0.35,
http server 2.0.36,
http server 2.0.37,
http server 2.0.38,
http server 2.0.39,
http server 2.0.40,
http server 2.0.41,
http server 2.0.42,
http server 2.0.43,
http server 2.0.44,
http server 2.0.45,
http server 2.0.46,
http server 2.0.47,
http server 2.0.48,
http server 2.0.49,
http server 2.0.50,
http server 2.0.51,
http server 2.0.52,
http server 2.0.53,
http server 2.0.54,
http server 2.0.55,
http server 2.0.9

References

Canonical

CVE-2005-3357 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3357)

BID-16152 (http://www.securityfocus.com/bid/16152)

Advisory

ADV-2006-3995 (http://www.vupen.com/english/advisories/2006/3995)

SECUNIA-22992 (http://secunia.com/advisories/22992)

SUNALERT-102662 (http://sunsolve.sun.com/search/document.do?assetkey=1-26-102662-1)

SSRT071293 (http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449)

SECUNIA-18339 (http://secunia.com/advisories/18339)

ADV-2006-4300 (http://www.vupen.com/english/advisories/2006/4300)

http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html

SECUNIA-18340 (http://secunia.com/advisories/18340)

SECUNIA-22523 (http://secunia.com/advisories/22523)

ADV-2008-1246 (http://www.vupen.com/english/advisories/2008/1246/references)

SSRT061269 (http://www.securityfocus.com/archive/1/450315/100/0/threaded)

SSRT090208 (http://marc.info?l=bugtraq&m=130497311408250&w=2)

SECUNIA-23260 (http://secunia.com/advisories/23260)

http://rhn.redhat.com/errata/RHSA-2006-0159.html

SECUNIA-29849 (http://secunia.com/advisories/29849)

ADV-2006-3920 (http://www.vupen.com/english/advisories/2006/3920)

SECUNIA-18333 (http://secunia.com/advisories/18333)

USN-241-1 (http://www.ubuntulinux.org/usn/usn-241-1)

TA08-150A (http://www.us-cert.gov/cas/techalerts/TA08-150A.html)

SECUNIA-18307 (http://secunia.com/advisories/18307)

SECUNIA-22368 (http://secunia.com/advisories/22368)

HPSBUX02145 (http://www.securityfocus.com/archive/1/445206/100/0/threaded)

http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117

https://lists.opensuse.org/opensuse-security-announce/2006-09/msg00016.html

http://www.securityfocus.com/archive/1/425399/100/0/threaded

FEDORA-2006-052 (http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00060.html)

ADV-2006-4868 (http://www.vupen.com/english/advisories/2006/4868)

SECUNIA-30430 (http://secunia.com/advisories/30430)

ADV-2006-4207 (http://www.vupen.com/english/advisories/2006/4207)

APPLE-SA-2008-05-28 (http://lists.apple.com/archives/security-announce/2008//May/msg00001.html)

SECUNIA-21848 (http://secunia.com/advisories/21848)

http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm

SECUNIA-18517 (http://secunia.com/advisories/18517)

SECUNIA-22669 (http://secunia.com/advisories/22669)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11467

SECUNIA-18585 (http://secunia.com/advisories/18585)

http://issues.apache.org/bugzilla/show_bug.cgi?id=37791

GLSA-200602-03 (http://www.gentoo.org/security/en/glsa/glsa-200602-03.xml)

ADV-2008-1697 (http://www.vupen.com/english/advisories/2008/1697)

SECUNIA-22233 (http://secunia.com/advisories/22233)

SECUNIA-19012 (http://secunia.com/advisories/19012)

SECUNIA-18429 (http://secunia.com/advisories/18429)

SUNALERT-102640 (http://sunsolve.sun.com/search/document.do?assetkey=1-26-102640-1)

SECTRACK-1015447 (http://securitytracker.com/id?1015447)

ADV-2006-0056 (http://www.vupen.com/english/advisories/2006/0056)

SECUNIA-18743 (http://secunia.com/advisories/18743)

[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html (https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E)

[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html (https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E)

[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html (https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E)

[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html (https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E)

SSRT090208 (http://marc.info/?l=bugtraq&m=130497311408250&w=2)

[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ (https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E)

[httpd-cvs] 20210330 svn commit: r1888194 [4/13] - /httpd/site/trunk/content/security/json/ (https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840@%3Ccvs.httpd.apache.org%3E)

[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html (https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E)

[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/ (https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E)

[httpd-cvs] 20210330 svn commit: r1073139 [4/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ (https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7@%3Ccvs.httpd.apache.org%3E)

[httpd-cvs] 20210330 svn commit: r1073149 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ (https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6@%3Ccvs.httpd.apache.org%3E)

[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ (https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E)

[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html (https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E)

[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html (https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E)

[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html (https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E)

[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html (https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E)

[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html (https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E)

Miscellaneous

TSLSA-2005-0074 (http://www.trustix.org/errata/2005/0074)

http://svn.apache.org/viewcvs?rev=358026&view=rev

TSLSA-2005-0074 (http://www.trustix.org/errata/2005/0074/)

https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E

Rapid7

Technical Analysis