CVE Vulnerabilities

CVE-2008-1531

Published: Mar 27, 2008 | Modified: Oct 31, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost.

Affected Software

Name Vendor Start Version End Version
Lighttpd Lighttpd * 1.4.19
Lighttpd Lighttpd 1.5 *
Lighttpd Ubuntu dapper *
Lighttpd Ubuntu devel *
Lighttpd Ubuntu edgy *
Lighttpd Ubuntu feisty *
Lighttpd Ubuntu gutsy *
Lighttpd Ubuntu hardy *
Lighttpd Ubuntu intrepid *
Lighttpd Ubuntu jaunty *
Lighttpd Ubuntu karmic *
Lighttpd Ubuntu upstream *

References