mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Http_server | Apache | 2.0 (including) | 2.0 (including) |
| Http_server | Apache | 2.0.9 (including) | 2.0.9 (including) |
| Http_server | Apache | 2.0.28 (including) | 2.0.28 (including) |
| Http_server | Apache | 2.0.28-beta (including) | 2.0.28-beta (including) |
| Http_server | Apache | 2.0.32 (including) | 2.0.32 (including) |
| Http_server | Apache | 2.0.35 (including) | 2.0.35 (including) |
| Http_server | Apache | 2.0.36 (including) | 2.0.36 (including) |
| Http_server | Apache | 2.0.37 (including) | 2.0.37 (including) |
| Http_server | Apache | 2.0.38 (including) | 2.0.38 (including) |
| Http_server | Apache | 2.0.39 (including) | 2.0.39 (including) |
| Http_server | Apache | 2.0.40 (including) | 2.0.40 (including) |
| Http_server | Apache | 2.0.41 (including) | 2.0.41 (including) |
| Http_server | Apache | 2.0.42 (including) | 2.0.42 (including) |
| Http_server | Apache | 2.0.43 (including) | 2.0.43 (including) |
| Http_server | Apache | 2.0.44 (including) | 2.0.44 (including) |
| Http_server | Apache | 2.0.45 (including) | 2.0.45 (including) |
| Http_server | Apache | 2.0.46 (including) | 2.0.46 (including) |
| Http_server | Apache | 2.0.47 (including) | 2.0.47 (including) |
| Http_server | Apache | 2.0.48 (including) | 2.0.48 (including) |
| Http_server | Apache | 2.0.49 (including) | 2.0.49 (including) |
| Http_server | Apache | 2.0.50 (including) | 2.0.50 (including) |
| Http_server | Apache | 2.0.51 (including) | 2.0.51 (including) |
| Http_server | Apache | 2.0.52 (including) | 2.0.52 (including) |
| Http_server | Apache | 2.0.53 (including) | 2.0.53 (including) |
| Http_server | Apache | 2.0.54 (including) | 2.0.54 (including) |
| Http_server | Apache | 2.0.55 (including) | 2.0.55 (including) |
| Red Hat Enterprise Linux 3 | RedHat | httpd-0:2.0.46-56.ent | * |
| Red Hat Enterprise Linux 4 | RedHat | httpd-0:2.0.52-22.ent | * |
| Apache2 | Ubuntu | dapper | * |
| Apache2 | Ubuntu | devel | * |
| Apache2 | Ubuntu | edgy | * |
| Apache2 | Ubuntu | feisty | * |