Description
The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.
Remediation
References
Related Vulnerabilities
Squid Other Vulnerability (CVE-2016-4556)
MySQL CVE-2018-2762 Vulnerability (CVE-2018-2762)
Liferay Portal Cleartext Storage of Sensitive Information Vulnerability (CVE-2021-33323)
Drupal Core 9.0.x Security Bypass (9.0.0 - 9.0.5)
Oracle Application Server CVE-2009-1008 Vulnerability (CVE-2009-1008)