This is a mod_ssl issue which only affects 2.x:
2.0.x patch attached. It's a remotely-triggered NULL pointer
dereference (so interesting only if you use a threaded MPM), affects
server configurations with an SSL vhost configured with access control
and a custom 400 errordocument; so this is rated "low".
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.