Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-tmjs-99hk-syat
Vulnerability ID VCID-tmjs-99hk-syat
Aliases CVE-2015-0228
Summary A stack recursion crash in the mod_lua module was found. A Lua script executing the r:wsupgrade() function could crash the process if a malicious client sent a carefully crafted PING request. This issue affected releases 2.4.7 through 2.4.12 inclusive.
Status Published
Exploitability 0.5
Weighted Severity 2.1
Risk 1.1
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.15242 https://api.first.org/data/v1/epss?cve=CVE-2015-0228
epss 0.15242 https://api.first.org/data/v1/epss?cve=CVE-2015-0228
epss 0.15242 https://api.first.org/data/v1/epss?cve=CVE-2015-0228
apache_httpd low https://httpd.apache.org/security/json/CVE-2015-0228.json
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0228.json
https://api.first.org/data/v1/epss?cve=CVE-2015-0228
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0228
1202988 https://bugzilla.redhat.com/show_bug.cgi?id=1202988
CVE-2015-0228 https://httpd.apache.org/security/json/CVE-2015-0228.json
RHSA-2015:1666 https://access.redhat.com/errata/RHSA-2015:1666
USN-2523-1 https://usn.ubuntu.com/2523-1/
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.94737
EPSS Score 0.15242
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-02T04:53:44.012048+00:00 Apache HTTPD Importer Import https://httpd.apache.org/security/json/CVE-2015-0228.json 38.6.0