Описание
The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.
A denial of service flaw was found in the way the mod_lua httpd module processed certain WebSocket Ping requests. A remote attacker could send a specially crafted WebSocket Ping packet that would cause the httpd child process to crash.
Отчет
This issue did not affect the version of httpd package as shipped with Red Hat Enterprise Linux 5, 6 and 7.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| CloudForms Management Engine 5 | httpd | Not affected | ||
| Red Hat Directory Server 8 | httpd | Not affected | ||
| Red Hat Enterprise Linux 5 | httpd | Not affected | ||
| Red Hat Enterprise Linux 6 | httpd | Not affected | ||
| Red Hat Enterprise Linux 7 | httpd | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 5 | httpd | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 6 | httpd | Not affected | ||
| Red Hat JBoss Enterprise Web Server 1 | httpd | Not affected | ||
| Red Hat JBoss Enterprise Web Server 2 | httpd | Not affected | ||
| Red Hat JBoss Enterprise Web Server 3 | httpd24 | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
5 Medium
CVSS2
Связанные уязвимости
The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.
The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.
The lua_websocket_read function in lua_request.c in the mod_lua module ...
The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.
Уязвимость веб-сервера Apache HTTP Server, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
5 Medium
CVSS2