CVE-2005-3357
EPSS 43.5%
Description
mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
How to fix CVE-2005-3357
To remediate CVE-2005-3357, upgrade the affected package to a fixed version below.
- Debian/apache2—upgrade to 2.0.55-4 or later
Is CVE-2005-3357 being exploited?
Moderate — EPSS is 43.5%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 2.0.55-4