CVE Database · CVE-2015-0228
CVSS v3.1
N/A
EPSS
18.94%
Published
Mar 8, 2015
Modified
May 6, 2026
Public PoC / Exploit (1)
All weaponized →Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.
Weaknesses (CWE)
Affected Products (8)
References (20)
