Executive Summary

Informations
NameCVE-2015-0228First vendor Publication2015-03-07
VendorCveLast vendor Modification2018-10-30

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score5Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0228

CWE : Common Weakness Enumeration

%idName
100 %CWE-20Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:28696
 
Oval ID: oval:org.mitre.oval:def:28696
Title: SUSE-SU-2015:0974-1 -- Security update for apache2 (moderate)
Description: Apache2 updated to fix four security issues and one non-security bug. The following vulnerabilities have been fixed: - mod_headers rules could be bypassed via chunked requests. Adds "MergeTrailers" directive to restore legacy behavior. (bsc#871310, CVE-2013-5704) - An empty value in Content-Type could lead to a crash through a null pointer dereference and a denial of service. (bsc#899836, CVE-2014-3581) - Remote attackers could bypass intended access restrictions in mod_lua LuaAuthzProvider when multiple Require directives with different arguments are used. (bsc#909715, CVE-2014-8109)
Family: unix Class: patch
Reference(s): SUSE-SU-2015:0974-1
CVE-2013-5704
CVE-2014-3581
CVE-2014-8109
CVE-2015-0228
Version: 3
Platform(s): SUSE Linux Enterprise Server 12
Product(s): apache2
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application226
Os1
Os1
Os4
Os1

Information Assurance Vulnerability Management (IAVM)

DateDescription
2015-08-20IAVM : 2015-A-0199 - Multiple Vulnerabilities in Apple Mac OS X
Severity : Category I - VMSKEY : V0061337
2015-07-23IAVM : 2015-A-0174 - Multiple Vulnerabilities in Apache HTTP Server
Severity : Category I - VMSKEY : V0061135

Nessus® Vulnerability Scanner

DateDescription
2015-09-22Name : The remote host is missing a security update for OS X Server.
File : macosx_server_5_0_3.nasl - Type : ACT_GATHER_INFO
2015-08-18Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2015-579.nasl - Type : ACT_GATHER_INFO
2015-08-17Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_10_10_5.nasl - Type : ACT_GATHER_INFO
2015-08-17Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_SecUpd2015-006.nasl - Type : ACT_GATHER_INFO
2015-07-30Name : The remote Fedora host is missing a security update.
File : fedora_2015-11792.nasl - Type : ACT_GATHER_INFO
2015-07-23Name : The remote web server is affected by multiple vulnerabilities.
File : apache_2_4_16.nasl - Type : ACT_GATHER_INFO
2015-07-22Name : The remote Fedora host is missing a security update.
File : fedora_2015-11689.nasl - Type : ACT_GATHER_INFO
2015-07-20Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2015-198-01.nasl - Type : ACT_GATHER_INFO
2015-07-16Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_a12494c12af411e586ff14dae9d210b8.nasl - Type : ACT_GATHER_INFO
2015-06-02Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0974-1.nasl - Type : ACT_GATHER_INFO
2015-03-30Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-093.nasl - Type : ACT_GATHER_INFO
2015-03-11Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2523-1.nasl - Type : ACT_GATHER_INFO
2015-03-05Name : The remote openSUSE host is missing a security update.
File : openSUSE-2015-191.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
APPLE http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html
BID http://www.securityfocus.com/bid/73041
http://www.securityfocus.com/bid/91787
CONFIRM http://advisories.mageia.org/MGASA-2015-0099.html
http://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/CHANGES
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-286720...
https://github.com/apache/httpd/commit/643f0fcf3b8ab09a68f0ecd2aa37aafeda3e63ef
https://support.apple.com/HT205219
https://support.apple.com/kb/HT205031
MLIST https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e8029...
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277...
REDHAT http://rhn.redhat.com/errata/RHSA-2015-1666.html
SECTRACK http://www.securitytracker.com/id/1032967
SUSE http://lists.opensuse.org/opensuse-updates/2015-03/msg00006.html
UBUNTU http://www.ubuntu.com/usn/USN-2523-1

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
DateInformations
2019-08-16 12:03:13
  • Multiple Updates
2018-10-31 00:20:41
  • Multiple Updates
2018-09-25 12:10:28
  • Multiple Updates
2018-04-16 01:02:32
  • Multiple Updates
2018-01-26 12:05:57
  • Multiple Updates
2018-01-05 09:23:26
  • Multiple Updates
2017-09-30 05:25:01
  • Multiple Updates
2017-09-22 09:24:09
  • Multiple Updates
2017-07-22 12:02:39
  • Multiple Updates
2016-11-29 00:24:59
  • Multiple Updates
2016-10-12 09:24:06
  • Multiple Updates
2016-09-30 01:05:11
  • Multiple Updates
2016-08-09 09:24:04
  • Multiple Updates
2016-07-22 12:03:12
  • Multiple Updates
2016-07-08 21:24:16
  • Multiple Updates
2016-06-29 00:44:19
  • Multiple Updates
2016-04-27 01:39:50
  • Multiple Updates
2015-10-18 17:23:11
  • Multiple Updates
2015-09-23 13:24:07
  • Multiple Updates
2015-09-19 09:22:35
  • Multiple Updates
2015-08-19 13:30:10
  • Multiple Updates
2015-08-18 13:34:55
  • Multiple Updates
2015-08-18 09:19:42
  • Multiple Updates
2015-07-31 13:28:49
  • Multiple Updates
2015-07-24 13:29:19
  • Multiple Updates
2015-07-18 13:28:25
  • Multiple Updates
2015-06-03 13:30:12
  • Multiple Updates
2015-04-02 09:26:29
  • Multiple Updates
2015-03-31 13:29:14
  • Multiple Updates
2015-03-17 09:27:09
  • Multiple Updates
2015-03-12 13:24:15
  • Multiple Updates
2015-03-09 21:24:15
  • Multiple Updates
2015-03-08 09:23:17
  • First insertion