CVE-2015-0228

 

Published at: - 08-03-2015 03:59

Last modified: - 30-06-2022 05:18

Total changes: - 4

Description

The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:N/I:N/A:P

 

Verification logic

 

Reference

• https://github.com/apache/httpd/commit/643f0fcf3b8ab09a68f0ecd2aa37aafeda3e63ef
• http://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/CHANGES
• USN-2523-1-
• openSUSE-SU-2015:0418-
• http://advisories.mageia.org/MGASA-2015-0099.html
• APPLE-SA-2015-08-13-2-
• https://support.apple.com/kb/HT205031
• APPLE-SA-2015-09-16-4-
• https://support.apple.com/HT205219
• http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
• 91787-
• http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
• 73041-
• 1032967-
• RHSA-2015:1666-
• [httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.html security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html-
• [httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.html security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html-
• [httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.html security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html-
• [httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.html security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html-
• https://github.com/apache/httpd/commit/78eb3b9235515652ed141353d98c239237030410
• [httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/-
• [httpd-cvs] 20210330 svn commit: r1888194 [9/13] - /httpd/site/trunk/content/security/json/-
• [httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html-
• [httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/-
• [httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.html security/vulnerabilities_22.html security/vulnerabilities_24.html-
• [httpd-cvs] 20210330 svn commit: r1073139 [9/13] - in /websites/staging/httpd/trunk/content: ./ security/json/-
• [httpd-cvs] 20210330 svn commit: r1073149 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/-
• [httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html-

 

Keywords

NVD

 

CVE-2015-0228

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures