This script is Copyright (C) 2006-2016 Tenable Network Security, Inc.
The remote web server is affected by a denial of service
The version of Apache running on the remote host is affected by a
denial of service vulnerability due to a flaw in mod_ssl that occurs
when it is configured with an SSL vhost with access control and a
custom 400 error page. A remote attacker can exploit this, via a
non-SSL request to an SSL port, to cause a NULL pointer to be
dereferenced, resulting in crashing individual child processes or even
the entire server.
See also :
Upgrade to Apache version 2.0.58 or later. Alternatively, update the
Apache configuration to use 'SSLRequire' whenever 'SSLCipherSuite' is
Risk factor :
Medium / CVSS Base Score : 5.4
CVSS Temporal Score : 4.7
Public Exploit Available : false