National Vulnerability Database

CVE-2005-3357 Detail

Current Description

mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.

Source: MITRE
Last Modified: 12/31/2005

Quick Info

CVE Dictionary Entry: CVE-2005-3357
Original release date: 12/31/2005
Last revised: 10/10/2017
Source: US-CERT/NIST

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score: 5.4 MEDIUM
Vector: (AV:N/AC:H/Au:N/C:N/I:N/A:C)
Impact Subscore: 6.9
Exploitability Subscore: 4.9

CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: High
Authentication: Not required to exploit
Impact Type: Allows disruption of service

Vendor Statements

Official Statement from Apache (07/02/2008)

Fixed in Apache HTTP Server 2.2.2 and 2.0.58
http://httpd.apache.org/security/vulnerabilities_22.html
http://httpd.apache.org/security/vulnerabilities_20.html

References to Advisories, Solutions, and Tools

Hyperlink | Resource Type | Source | Name
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U | External Source | SGI | 20060101-01-U
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449 | External Source | HP | SSRT071293
http://issues.apache.org/bugzilla/show_bug.cgi?id=37791 | External Source | CONFIRM | http://issues.apache.org/bugzilla/show_bug.cgi?id=37791
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html | External Source | APPLE | APPLE-SA-2008-05-28
http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html | Vendor Advisory; External Source | SUSE | SUSE-SR:2006:004
http://marc.info/?l=bugtraq&m=130497311408250&w=2 | External Source | HP | HPSBOV02683
http://rhn.redhat.com/errata/RHSA-2006-0159.html | Patch; Vendor Advisory; External Source | REDHAT | RHSA-2006:0159
http://securitytracker.com/id?1015447 | External Source | SECTRACK | 1015447
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102640-1 | External Source | SUNALERT | 102640
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102662-1 | External Source | SUNALERT | 102662
http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm | External Source | CONFIRM | http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm
http://svn.apache.org/viewcvs?rev=358026&view=rev | External Source | MISC | http://svn.apache.org/viewcvs?rev=358026&view=rev
http://www.gentoo.org/security/en/glsa/glsa-200602-03.xml | Patch; Vendor Advisory; External Source | GENTOO | GLSA-200602-03
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00060.html | Patch; External Source | FEDORA | FEDORA-2006-052
http://www.securityfocus.com/archive/1/archive/1/425399/100/0/threaded | Patch; Vendor Advisory; External Source | FEDORA | FLSA-2006:175406
http://www.securityfocus.com/archive/1/archive/1/445206/100/0/threaded | External Source | HP | SSRT061202
http://www.securityfocus.com/archive/1/archive/1/450315/100/0/threaded | External Source | HP | HPSBUX02172
http://www.securityfocus.com/bid/16152 | External Source | BID | 16152
http://www.trustix.org/errata/2005/0074/ | Patch; Vendor Advisory; External Source | TRUSTIX | TSLSA-2005-0074
http://www.ubuntulinux.org/usn/usn-241-1 | External Source | UBUNTU | USN-241-1
http://www.us-cert.gov/cas/techalerts/TA08-150A.html | US Government Resource; External Source | CERT | TA08-150A
http://www.vupen.com/english/advisories/2006/0056 | Vendor Advisory; External Source | VUPEN | ADV-2006-0056
http://www.vupen.com/english/advisories/2006/3920 | External Source | VUPEN | ADV-2006-3920
http://www.vupen.com/english/advisories/2006/3995 | Vendor Advisory; External Source | VUPEN | ADV-2006-3995
http://www.vupen.com/english/advisories/2006/4207 | Vendor Advisory; External Source | VUPEN | ADV-2006-4207
http://www.vupen.com/english/advisories/2006/4300 | Vendor Advisory; External Source | VUPEN | ADV-2006-4300
http://www.vupen.com/english/advisories/2006/4868 | Vendor Advisory; External Source | VUPEN | ADV-2006-4868
http://www.vupen.com/english/advisories/2008/1246/references | Vendor Advisory; External Source | VUPEN | ADV-2008-1246
http://www.vupen.com/english/advisories/2008/1697 | Vendor Advisory; External Source | VUPEN | ADV-2008-1697
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117 | External Source | CONFIRM | http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117
https://lists.opensuse.org/opensuse-security-announce/2006-09/msg00016.html | External Source | SUSE | SuSE-SA:2006:051
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11467 | External Source | OVAL | oval:org.mitre.oval:def:11467

References to Check Content

Identifier: oval:org.mitre.oval:def:11467
Check System: http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink: http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:11467

Technical Details

Vulnerability Type

  • Resource Management Errors (CWE-399)

Change History: 4 change records found