PT-2005-4158 · Apache+2 · Apache+3

Published 2005-12-12 · Updated 2024-06-15 · CVE-2005-3357

CVSS v2.0: 5.4 (Medium)

Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Apache 2.0 versions 2.0 up to 2.0.55

Description

The issue is related to a NULL pointer dereference flaw in mod_ssl, affecting server configurations with an SSL virtual host that has access control and a custom 400 error document. A remote attacker can send a carefully crafted request to trigger this issue, leading to a crash, which results in a denial of service, particularly when using the worker MPM.

Recommendations

For Apache 2.0 versions 2.0 up to 2.0.55, consider disabling the custom 400 error document for SSL virtual hosts with access control as a temporary workaround until a patch is available. Restrict access to the SSL port to minimize the risk of exploitation.

Fix

DoS

Weakness Enumeration

Related Identifiers

CVE-2005-3357
HPSBUX02172
OPENSUSE-SU-2024:10623-1
RHSA-2006:0159
RHSA-2006_0159

Affected Products

Apache
Apache Http Server
Hp-Ux
Red Hat