5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.055 Low
EPSS
Percentile
92.4%
mod_lua: A maliciously crafted websockets PING after a script calls
r:wsupgrade() can cause a child process crash.
Fix a crash with ErrorDocument 400 pointing to a local URL-path with the
INCLUDES filter active, introduced in 2.4.11. PR 57531.
core: Fix chunk header parsing defect. Remove apr_brigade_flatten(),
buffering and duplicated code from the HTTP_IN filter, parse chunks in a
single pass with zero copy. Limit accepted chunk-size to 2^63-1 and be
strict about chunk-ext authorized characters.
Replacement of ap_some_auth_required (unusable in Apache httpd 2.4) with
new ap_some_authn_required and ap_force_authn hook.