Lucene search

K
httpdApache Team FoundationHTTPD:E07AEA8765BD0F6E15AAD496A2714564
HistoryJan 28, 2015 - 12:00 a.m.

Apache Httpd < 2.4.16 : mod_lua: Crash in websockets PING handling

2015-01-2800:00:00
Apache Team Foundation
httpd.apache.org
16

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.041

Percentile

92.3%

A stack recursion crash in the mod_lua module was found. A Lua script executing the r:wsupgrade() function could crash the process if a malicious client sent a carefully crafted PING request. This issue affected releases 2.4.7 through 2.4.12 inclusive.

Affected configurations

Vulners
Node
apacheapache_httpdMatch2.4.12
OR
apacheapache_httpdMatch2.4.10
OR
apacheapache_httpdMatch2.4.9
OR
apacheapache_httpdMatch2.4.7

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.041

Percentile

92.3%