OpenSSL

A vulnerability has been found in OpenSSL 0.9.6 and 0.9.7. Apparently it fails while parsing ASN.1 tags and crashes.

NISCC testing of implementations of the SSL protocol uncovered two bugs in OpenSSL 0.9.6 and OpenSSL 0.9.7. The parsing of unusual ASN.1 tag values can cause OpenSSL to crash. A remote attacker could trigger this bug by sending a carefully-crafted SSL client certificate to an application. The effects of such an attack vary depending on the application targeted; against Apache the effects are limited, as the attack would only cause child processes to die and be replaced. An attack against other applications that use OpenSSL could result in a Denial of Service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2003-0543 and CAN-2003-0544 to this issue.

The assessment seems to be that the impact on Apache is small because only child processes die, while for other applications the impact is on the level of a DoS.