CVE-2015-0228
08.03.2015, 02:59
The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.Enginsight
Vendor | Product | Version |
---|---|---|
apache | http_server | 𝑥 ≤ 2.4.12 |
canonical | ubuntu_linux | 10.04 |
canonical | ubuntu_linux | 12.04 |
canonical | ubuntu_linux | 14.04 |
canonical | ubuntu_linux | 14.10 |
apple | mac_os_x | 10.10.4 |
apple | mac_os_x_server | 5.0.3 |
opensuse | opensuse | 13.2 |
𝑥
= Vulnerable software versions

Debian Releases

Ubuntu Releases
Common Weakness Enumeration
References