Описание
The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 2.4.10-8ubuntu3 |
| esm-infra-legacy/trusty | not-affected | code not built |
| lucid | not-affected | 2.2.14-5ubuntu8.14 |
| precise | not-affected | 2.2.22-1ubuntu1.7 |
| trusty | not-affected | code not built |
| trusty/esm | not-affected | code not built |
| upstream | needs-triage | |
| utopic | released | 2.4.10-1ubuntu1.1 |
Показывать по
EPSS
5 Medium
CVSS2
Связанные уязвимости
The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.
The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.
The lua_websocket_read function in lua_request.c in the mod_lua module ...
The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.
Уязвимость веб-сервера Apache HTTP Server, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
5 Medium
CVSS2