Lucene search

K
ubuntucveUbuntu.comUB:CVE-2015-0228
HistoryFeb 16, 2015 - 12:00 a.m.

CVE-2015-0228

2015-02-1600:00:00
ubuntu.com
ubuntu.com
15

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.04 Low

EPSS

Percentile

92.0%

The lua_websocket_read function in lua_request.c in the mod_lua module in
the Apache HTTP Server through 2.4.12 allows remote attackers to cause a
denial of service (child-process crash) by sending a crafted WebSocket Ping
frame after a Lua script has called the wsupgrade function.

Notes

Author Note
mdeslaur mod_lua is in 2.4.x only mod_lua isn’t built in trusty
OSVersionArchitecturePackageVersionFilename
ubuntu14.10noarchapache2< 2.4.10-1ubuntu1.1UNKNOWN

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.04 Low

EPSS

Percentile

92.0%