Description
The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.
Remediation
References
Related Vulnerabilities
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-2266)
XWiki Credentials Management Errors Vulnerability (CVE-2005-4862)
Oracle Database Server CVE-2011-0870 Vulnerability (CVE-2011-0870)
ReviveAdserver URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-22873)
WordPress Plugin Remove Yoast SEO comments Unspecified Vulnerability (1.0.4)