Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1531

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-1531
Last Modified 11 Oct 2011 12:00:00
Published 27 Mar 2008 07:44:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1531

Summary

The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost.

Vulnerable Systems

Application

  • Lighttpd 1.4.19

  • Lighttpd 1.4.9


References

FEDORA - FEDORA-2008-3376

FEDORA - FEDORA-2008-3343

CONFIRM - https://issues.rpath.com/browse/RPL-2407

CONFIRM - https://bugs.gentoo.org/show_bug.cgi?id=214892

XF - lighttpd-sslerror-dos(41545)

VUPEN - ADV-2008-1063

BID - 28489

BUGTRAQ - 20080331 rPSA-2008-0132-1 lighttpd

OSVDB - 43788

DEBIAN - DSA-1540

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0132

MISC - http://trac.lighttpd.net/trac/ticket/285#comment:21

MISC - http://trac.lighttpd.net/trac/ticket/285#comment:18

CONFIRM - http://trac.lighttpd.net/trac/changeset/2140

CONFIRM - http://trac.lighttpd.net/trac/changeset/2139

CONFIRM - http://trac.lighttpd.net/trac/changeset/2136

GENTOO - GLSA-200804-08

SECUNIA - 30023

SECUNIA - 29649

SECUNIA - 29636

SECUNIA - 29544

SECUNIA - 29505

SUSE - SUSE-SR:2008:011


Last Updated: 27 May 2016 10:47:34