Description
mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
Remediation
References
Related Vulnerabilities
Google Doc Embedder SQL Injection (2.5.14)
osCommerce Other Vulnerability (CVE-2006-5190)
BuddyPress Activity Plus Cross-Site Scripting (1.6.3)
Oracle HTTP Server Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2015-2808)
WordPress Multiple Cross-Site Scripting Vulnerabilities (2.0.11 - 2.3)