Think you have a false positive on this rule?

Sid 1-11263

Message

SERVER-APACHE Apache mod_ssl non-SSL connection to SSL port denial of service attempt

Summary

mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.

Impact

CVSS base score 5.4 CVSS impact score 6.9 CVSS exploitability score 4.9 confidentialityImpact NONE integrityImpact NONE availabilityImpact NONE

CVE-2005-3357:

CVSS base score 5.4

CVSS impact score 6.9

CVSS exploitability score 4.9

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

CVE-2017-3169:

CVSS base score 9.8

CVSS impact score 5.9

CVSS exploitability score 3.9

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Detailed information

CVE-2005-3357: mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.

CVE-2017-3169: In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, modssl may dereference a NULL pointer when third-party modules call aphookprocessconnection() during an HTTP request to an HTTPS port.

Affected systems

  • apache http_server 2.0
  • apache http_server 2.0.9
  • apache http_server 2.0.28
  • apache http_server 2.0.32
  • apache http_server 2.0.35
  • apache http_server 2.0.36
  • apache http_server 2.0.37
  • apache http_server 2.0.38
  • apache http_server 2.0.39
  • apache http_server 2.0.40
  • apache http_server 2.0.41
  • apache http_server 2.0.42
  • apache http_server 2.0.43
  • apache http_server 2.0.44
  • apache http_server 2.0.45
  • apache http_server 2.0.46
  • apache http_server 2.0.47
  • apache http_server 2.0.48
  • apache http_server 2.0.49
  • apache http_server 2.0.50
  • apache http_server 2.0.51
  • apache http_server 2.0.52
  • apache http_server 2.0.53
  • apache http_server 2.0.54
  • apache http_server 2.0.55
  • apache http_server 2.2.0
  • apache http_server 2.2.2
  • apache http_server 2.2.3
  • apache http_server 2.2.11
  • apache http_server 2.2.12
  • apache http_server 2.2.13
  • apache http_server 2.2.14
  • apache http_server 2.2.15
  • apache http_server 2.2.16
  • apache http_server 2.2.17
  • apache http_server 2.2.18
  • apache http_server 2.2.19
  • apache http_server 2.2.20
  • apache http_server 2.2.21
  • apache http_server 2.2.22
  • apache http_server 2.2.23
  • apache http_server 2.2.24
  • apache http_server 2.2.25
  • apache http_server 2.2.26
  • apache http_server 2.2.27
  • apache http_server 2.2.29
  • apache http_server 2.2.30
  • apache http_server 2.2.31
  • apache http_server 2.2.32
  • apache http_server 2.4.1
  • apache http_server 2.4.2
  • apache http_server 2.4.10
  • apache http_server 2.4.12
  • apache http_server 2.4.16
  • apache http_server 2.4.17
  • apache http_server 2.4.18
  • apache http_server 2.4.20
  • apache http_server 2.4.23
  • apache http_server 2.4.25

Ease of attack

CVE-2005-3357:

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

CVE-2017-3169:

Access Vector

Access Complexity

Authentication

False positives

None known

False negatives

None known

Corrective action

Upgrade to the latest non-affected version of the software.

Apply the appropriate vendor supplied patches.

Contributors

  • Talos research team.
  • This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology.
  • For more information see nvd.

Additional References