Executive Summary

Informations
Name CVE-2015-0228 First vendor Publication 2015-03-07
Vendor Cve Last vendor Modification 2023-11-07

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0228

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:28696
 
Oval ID: oval:org.mitre.oval:def:28696
Title: SUSE-SU-2015:0974-1 -- Security update for apache2 (moderate)
Description: Apache2 updated to fix four security issues and one non-security bug. The following vulnerabilities have been fixed: - mod_headers rules could be bypassed via chunked requests. Adds "MergeTrailers" directive to restore legacy behavior. (bsc#871310, CVE-2013-5704) - An empty value in Content-Type could lead to a crash through a null pointer dereference and a denial of service. (bsc#899836, CVE-2014-3581) - Remote attackers could bypass intended access restrictions in mod_lua LuaAuthzProvider when multiple Require directives with different arguments are used. (bsc#909715, CVE-2014-8109)
Family: unix Class: patch
Reference(s): SUSE-SU-2015:0974-1
CVE-2013-5704
CVE-2014-3581
CVE-2014-8109
CVE-2015-0228
Version: 3
Platform(s): SUSE Linux Enterprise Server 12
Product(s): apache2
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 227
Os 1
Os 1
Os 4
Os 1

Information Assurance Vulnerability Management (IAVM)

Date Description
2015-08-20 IAVM : 2015-A-0199 - Multiple Vulnerabilities in Apple Mac OS X
Severity : Category I - VMSKEY : V0061337
2015-07-23 IAVM : 2015-A-0174 - Multiple Vulnerabilities in Apache HTTP Server
Severity : Category I - VMSKEY : V0061135

Nessus® Vulnerability Scanner

Date Description
2015-09-22 Name : The remote host is missing a security update for OS X Server.
File : macosx_server_5_0_3.nasl - Type : ACT_GATHER_INFO
2015-08-18 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2015-579.nasl - Type : ACT_GATHER_INFO
2015-08-17 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_10_10_5.nasl - Type : ACT_GATHER_INFO
2015-08-17 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_SecUpd2015-006.nasl - Type : ACT_GATHER_INFO
2015-07-30 Name : The remote Fedora host is missing a security update.
File : fedora_2015-11792.nasl - Type : ACT_GATHER_INFO
2015-07-23 Name : The remote web server is affected by multiple vulnerabilities.
File : apache_2_4_16.nasl - Type : ACT_GATHER_INFO
2015-07-22 Name : The remote Fedora host is missing a security update.
File : fedora_2015-11689.nasl - Type : ACT_GATHER_INFO
2015-07-20 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2015-198-01.nasl - Type : ACT_GATHER_INFO
2015-07-16 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_a12494c12af411e586ff14dae9d210b8.nasl - Type : ACT_GATHER_INFO
2015-06-02 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0974-1.nasl - Type : ACT_GATHER_INFO
2015-03-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-093.nasl - Type : ACT_GATHER_INFO
2015-03-11 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2523-1.nasl - Type : ACT_GATHER_INFO
2015-03-05 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2015-191.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e8029...
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277...
https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedee...
https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae5...
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f...
https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc461...
https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fab...
https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444a...
https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef56...
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b957...
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326...
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f...
Source Url
APPLE http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html
BID http://www.securityfocus.com/bid/73041
http://www.securityfocus.com/bid/91787
CONFIRM http://advisories.mageia.org/MGASA-2015-0099.html
http://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/CHANGES
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-286720...
https://github.com/apache/httpd/commit/643f0fcf3b8ab09a68f0ecd2aa37aafeda3e63ef
https://github.com/apache/httpd/commit/78eb3b9235515652ed141353d98c239237030410
https://support.apple.com/HT205219
https://support.apple.com/kb/HT205031
REDHAT http://rhn.redhat.com/errata/RHSA-2015-1666.html
SECTRACK http://www.securitytracker.com/id/1032967
SUSE http://lists.opensuse.org/opensuse-updates/2015-03/msg00006.html
UBUNTU http://www.ubuntu.com/usn/USN-2523-1

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
Date Informations
2024-02-02 01:30:08
  • Multiple Updates
2024-02-01 12:08:50
  • Multiple Updates
2023-11-07 21:44:58
  • Multiple Updates
2023-09-05 12:28:37
  • Multiple Updates
2023-09-05 01:08:42
  • Multiple Updates
2023-09-02 12:28:34
  • Multiple Updates
2023-09-02 01:08:51
  • Multiple Updates
2023-08-12 12:31:08
  • Multiple Updates
2023-08-12 01:08:19
  • Multiple Updates
2023-08-11 12:26:41
  • Multiple Updates
2023-08-11 01:08:33
  • Multiple Updates
2023-08-06 12:25:54
  • Multiple Updates
2023-08-06 01:08:19
  • Multiple Updates
2023-08-04 12:25:59
  • Multiple Updates
2023-08-04 01:08:23
  • Multiple Updates
2023-07-14 12:25:58
  • Multiple Updates
2023-07-14 01:08:21
  • Multiple Updates
2023-03-29 01:27:44
  • Multiple Updates
2023-03-28 12:08:41
  • Multiple Updates
2022-10-11 12:23:25
  • Multiple Updates
2022-10-11 01:08:29
  • Multiple Updates
2021-06-25 01:15:18
  • Multiple Updates
2021-06-06 17:23:01
  • Multiple Updates
2021-05-05 01:17:47
  • Multiple Updates
2021-05-04 12:39:35
  • Multiple Updates
2021-04-22 01:48:27
  • Multiple Updates
2021-03-30 17:22:49
  • Multiple Updates
2020-10-27 21:23:18
  • Multiple Updates
2020-10-10 01:11:58
  • Multiple Updates
2020-05-23 01:54:12
  • Multiple Updates
2020-05-23 00:43:22
  • Multiple Updates
2019-08-16 12:03:13
  • Multiple Updates
2018-10-31 00:20:41
  • Multiple Updates
2018-09-25 12:10:28
  • Multiple Updates
2018-04-16 01:02:32
  • Multiple Updates
2018-01-26 12:05:57
  • Multiple Updates
2018-01-05 09:23:26
  • Multiple Updates
2017-09-30 05:25:01
  • Multiple Updates
2017-09-22 09:24:09
  • Multiple Updates
2017-07-22 12:02:39
  • Multiple Updates
2016-11-29 00:24:59
  • Multiple Updates
2016-10-12 09:24:06
  • Multiple Updates
2016-09-30 01:05:11
  • Multiple Updates
2016-08-09 09:24:04
  • Multiple Updates
2016-07-22 12:03:12
  • Multiple Updates
2016-07-08 21:24:16
  • Multiple Updates
2016-06-29 00:44:19
  • Multiple Updates
2016-04-27 01:39:50
  • Multiple Updates
2015-10-18 17:23:11
  • Multiple Updates
2015-09-23 13:24:07
  • Multiple Updates
2015-09-19 09:22:35
  • Multiple Updates
2015-08-19 13:30:10
  • Multiple Updates
2015-08-18 13:34:55
  • Multiple Updates
2015-08-18 09:19:42
  • Multiple Updates
2015-07-31 13:28:49
  • Multiple Updates
2015-07-24 13:29:19
  • Multiple Updates
2015-07-18 13:28:25
  • Multiple Updates
2015-06-03 13:30:12
  • Multiple Updates
2015-04-02 09:26:29
  • Multiple Updates
2015-03-31 13:29:14
  • Multiple Updates
2015-03-17 09:27:09
  • Multiple Updates
2015-03-12 13:24:15
  • Multiple Updates
2015-03-09 21:24:15
  • Multiple Updates
2015-03-08 09:23:17
  • First insertion