Vasileios Panopoulos

**Name of the Vulnerable Software and Affected Versions** Apache HTTP Server mod ssl versions 2.2.x through 2.2.32 Apache HTTP Server mod ssl versions 2.4.x through 2.4.25 **Description** The issue is related to a NULL pointer dereference error in the mod ssl module of the Apache HTTP Server. This error can be exploited by a remote attacker to access local files when third-party modules call the `ap hook process connection()` function during an HTTP request to an HTTPS port. **Recommendations** For Apache HTTP Server mod ssl versions 2.2.x through 2.2.32, update to version 2.2.33 or later. For Apache HTTP Server mod ssl versions 2.4.x through 2.4.25, update to version 2.4.26 or later. As a temporary workaround, consider restricting access to the `ap hook process connection()` function until a patch is available.