Search Results (Refine Search)
- CPE Product Version: cpe:/a:apache:http_server:2.4.12
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-0253 |
The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI. Published: July 20, 2015; 7:59:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-0228 |
The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function. Published: March 07, 2015; 9:59:00 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |