The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server up to and including 2.4.12 allows remote malicious users to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache http server |
||
canonical ubuntu linux 12.04 |
||
canonical ubuntu linux 14.10 |
||
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 10.04 |
||
apple mac os x 10.10.4 |
||
apple mac os x server 5.0.3 |
||
opensuse opensuse 13.2 |