Description
The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.
Remediation
References
Related Vulnerabilities
WordPress Plugin Add Product Tabs for WooCommerce Security Bypass (1.4.2)
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5478)
WordPress Plugin MStore API-Create Native Android & iOS Apps On The Cloud Security Bypass (3.1.9)
WordPress Plugin Tutor LMS-eLearning and online course solution Cross-Site Scripting (1.9.5)