mod_lua: Crash in websockets PING handling

Disclosed: 2015-02-04 00:00:00 By guido To ibb

Unknown

Vulnerability Details

A stack recursion crash in the mod_lua module was found. A Lua script executing the r:wsupgrade() function could crash the process if a malicious client sent a carefully crafted PING request. This issue affected releases 2.4.7 through 2.4.12 inclusive. https://httpd.apache.org/security/vulnerabilities_24.html

Actions

View on HackerOne

Report Stats

Report ID: 103991
State: Closed
Substate: resolved
Upvotes: 2

mod_lua: Crash in websockets PING handling

Vulnerability Details

Actions

Report Stats

Share this report