CVE-2015-0228

Apache HTTP Server < 2.4.12 - Denial of Service via Crafted WebSocket Ping Frame

Title source: llm

Description

The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.

References (28)

Core References
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2015-03/msg00006.html
Third Party Advisory x_refsource_confirm
http://advisories.mageia.org/MGASA-2015-0099.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2523-1
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1032967
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/91787
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/73041
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1666.html
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT205031
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT205219

Scores

EPSS 0.1524
EPSS Percentile 94.7%

Details

CWE CWE-20
Status published
Products (8)
apache/http_server < 2.4.12
apple/mac_os_x 10.10.4
apple/mac_os_x_server 5.0.3
canonical/ubuntu_linux 10.04
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 14.10
opensuse/opensuse 13.2
Published Mar 08, 2015
Tracked Since Feb 18, 2026