Search for vulnerabilities
Vulnerability details: VCID-y8ne-1k27-aaam
Vulnerability ID VCID-y8ne-1k27-aaam
Aliases CVE-2005-3357
Summary mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
Status Published
Exploitability 2.0
Weighted Severity 6.2
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-399 Resource Management Errors
System Score Found at
generic_textual MODERATE http://marc.info/?l=bugtraq&m=130497311408250&w=2
rhas Moderate https://access.redhat.com/errata/RHSA-2006:0159
epss 0.23281 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.23281 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.23281 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.23281 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.23281 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.23281 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.23281 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.311 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.311 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.311 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.311 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.311 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.311 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.311 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.311 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.311 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.311 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.311 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.311 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.311 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.311 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.311 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.311 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.311 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.311 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.311 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.311 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.311 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.311 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.311 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.311 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.311 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.311 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.311 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.311 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.311 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.311 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.311 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.311 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.311 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.311 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.311 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.3724 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.3724 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.3724 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.3724 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.3724 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.3724 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.3724 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.3724 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.3724 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.3724 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.3724 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.3724 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.91457 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.91457 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.91457 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.91457 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.97185 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.97185 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.97264 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.97264 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.97264 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.97264 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
epss 0.97264 https://api.first.org/data/v1/epss?cve=CVE-2005-3357
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=1617818
apache_httpd low https://httpd.apache.org/security/json/CVE-2005-3357.json
cvssv2 5.4 https://nvd.nist.gov/vuln/detail/CVE-2005-3357
generic_textual MODERATE http://www.securityfocus.com/archive/1/450315/100/0/threaded
Reference id Reference type URL
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449
http://issues.apache.org/bugzilla/show_bug.cgi?id=37791
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html
http://marc.info/?l=bugtraq&m=130497311408250&w=2
http://rhn.redhat.com/errata/RHSA-2006-0159.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3357.json
https://api.first.org/data/v1/epss?cve=CVE-2005-3357
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3357
http://secunia.com/advisories/18307
http://secunia.com/advisories/18333
http://secunia.com/advisories/18339
http://secunia.com/advisories/18340
http://secunia.com/advisories/18429
http://secunia.com/advisories/18517
http://secunia.com/advisories/18585
http://secunia.com/advisories/18743
http://secunia.com/advisories/19012
http://secunia.com/advisories/21848
http://secunia.com/advisories/22233
http://secunia.com/advisories/22368
http://secunia.com/advisories/22523
http://secunia.com/advisories/22669
http://secunia.com/advisories/22992
http://secunia.com/advisories/23260
http://secunia.com/advisories/29849
http://secunia.com/advisories/30430
http://securitytracker.com/id?1015447
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.opensuse.org/opensuse-security-announce/2006-09/msg00016.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11467
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102640-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102662-1
http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm
http://svn.apache.org/viewcvs?rev=358026&view=rev
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117
http://www.gentoo.org/security/en/glsa/glsa-200602-03.xml
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00060.html
http://www.securityfocus.com/archive/1/425399/100/0/threaded
http://www.securityfocus.com/archive/1/445206/100/0/threaded
http://www.securityfocus.com/archive/1/450315/100/0/threaded
http://www.securityfocus.com/bid/16152
http://www.trustix.org/errata/2005/0074/
http://www.ubuntulinux.org/usn/usn-241-1
http://www.us-cert.gov/cas/techalerts/TA08-150A.html
http://www.vupen.com/english/advisories/2006/0056
http://www.vupen.com/english/advisories/2006/3920
http://www.vupen.com/english/advisories/2006/3995
http://www.vupen.com/english/advisories/2006/4207
http://www.vupen.com/english/advisories/2006/4300
http://www.vupen.com/english/advisories/2006/4868
http://www.vupen.com/english/advisories/2008/1246/references
http://www.vupen.com/english/advisories/2008/1697
1617818 https://bugzilla.redhat.com/show_bug.cgi?id=1617818
351246 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=351246
cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.28:beta:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.28:beta:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.49:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.49:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.50:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.50:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.51:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.51:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.52:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.52:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.53:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.53:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.54:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.54:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.55:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.55:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.9:*:*:*:*:*:*:*
CVE-2005-3357 https://httpd.apache.org/security/json/CVE-2005-3357.json
CVE-2005-3357 https://nvd.nist.gov/vuln/detail/CVE-2005-3357
GLSA-200602-03 https://security.gentoo.org/glsa/200602-03
RHSA-2006:0159 https://access.redhat.com/errata/RHSA-2006:0159
USN-241-1 https://usn.ubuntu.com/241-1/
No exploits are available.
Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2005-3357
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.95485
EPSS Score 0.23281
Published At April 5, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.