Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2015-0228HistoryMar 08, 2015 - 2:59 a.m.
CVE-2015-0228
2015-03-0802:59:00
Debian Security Bug Tracker
security-tracker.debian.org
13
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.04 Low
EPSS
Percentile
92.0%
The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | apache2 | < 2.4.10-10 | apache2_2.4.10-10_all.deb |
| Debian | 11 | all | apache2 | < 2.4.10-10 | apache2_2.4.10-10_all.deb |
| Debian | 10 | all | apache2 | < 2.4.10-10 | apache2_2.4.10-10_all.deb |
| Debian | 999 | all | apache2 | < 2.4.10-10 | apache2_2.4.10-10_all.deb |
| Debian | 13 | all | apache2 | < 2.4.10-10 | apache2_2.4.10-10_all.deb |
Related
f5
f5
SOL17157 - Apache HTTP server vulnerability CVE-2015-0228
2015-08-20 00:00:00
K17157 : Apache HTTP server vulnerability CVE-2015-0228
2015-08-20 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2015-0099)
2022-01-28 00:00:00
Apache HTTP Server 'mod_lua' Denial of Service Vulnerability -01 (May 2015)
2015-05-18 00:00:00
Oracle: Security Advisory (ELSA-2015-1666)
2016-02-05 00:00:00
nessus
nessus
openSUSE Security Update : apache2 (openSUSE-2015-191)
2015-03-05 00:00:00
Oracle Linux 7 : httpd24-httpd (ELSA-2015-1666)
2023-09-07 00:00:00
SUSE SLES12 Security Update : apache2 (SUSE-SU-2015:0974-1)
2015-06-02 00:00:00
cve
cve
CVE-2015-0228
2015-03-08 02:59:00
hackerone
hackerone
Internet Bug Bounty: mod_lua: Crash in websockets PING handling
2015-01-28 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:07:16
Denial Of Service (DoS)
2019-05-02 05:18:03
httpd
httpd
Apache Httpd < 2.4.16 : mod_lua: Crash in websockets PING handling
2015-01-28 00:00:00
ubuntucve
ubuntucve
CVE-2015-0228
2015-02-16 00:00:00
mageia
mageia
Updated apache packages fix CVE-2015-0228
2015-03-06 21:08:57
prion
prion
Code injection
2015-03-08 02:59:00
archlinux
archlinux
apache: multiple issues
2015-07-17 00:00:00
kaspersky
kaspersky
KLA10640 Multiple vulnerabilities in Apache HTTP Server
2015-07-21 00:00:00
redhat
redhat
(RHSA-2015:1666) Moderate: httpd24-httpd security update
2015-08-24 00:00:00
slackware
slackware
[slackware-security] httpd
2015-07-17 20:25:06
oraclelinux
oraclelinux
httpd24-httpd security update
2016-02-04 00:00:00
securityvulns
securityvulns
[slackware-security] httpd (SSA:2015-198-01)
2015-07-20 00:00:00
[USN-2523-1] Apache HTTP Server vulnerabilities
2015-03-15 00:00:00
Apache multiple security vulnerabilities
2015-04-16 00:00:00
freebsd
freebsd
apache24 -- multiple vulnerabilities
2015-02-04 00:00:00
amazon
amazon
Medium: httpd24
2015-08-17 12:27:00
fedora
fedora
[SECURITY] Fedora 22 Update: httpd-2.4.16-1.fc22
2015-07-21 08:12:37
[SECURITY] Fedora 21 Update: httpd-2.4.16-1.fc21
2015-07-30 00:52:03
ubuntu
ubuntu
Apache HTTP Server vulnerabilities
2015-03-10 00:00:00
oracle
oracle
Oracle Critical Patch Update - July 2016
2016-07-19 00:00:00
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.04 Low
EPSS
Percentile
92.0%
Related for DEBIANCVE:CVE-2015-0228