CVE-2008-1531

Severity

43%

Complexity

86%

Confidentiality

48%

The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost.

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P).

Overview

First reported 16 years ago

2008-03-27 23:44:00

Last updated 6 years ago

2018-10-31 19:23:00

Affected Software

Debian GNU/Linux 4.0

4.0

References

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.

CVE-2008-1531

Severity

What is severity?

Complexity

What is complexity?

Confidentiality

What is confidentiality?

Overview

First reported 16 years ago

Last updated 6 years ago

Affected Software

Debian GNU/Linux 4.0

References

SUSE-SR:2008:011

29505

29544

29636

29649

30023

GLSA-200804-08

http://trac.lighttpd.net/trac/changeset/2136

http://trac.lighttpd.net/trac/changeset/2139

http://trac.lighttpd.net/trac/changeset/2140

http://trac.lighttpd.net/trac/ticket/285#comment:18

http://trac.lighttpd.net/trac/ticket/285#comment:21

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0132

DSA-1540

43788

20080331 rPSA-2008-0132-1 lighttpd

28489

ADV-2008-1063

https://bugs.gentoo.org/show_bug.cgi?id=214892

lighttpd-sslerror-dos(41545)

https://issues.rpath.com/browse/RPL-2407

FEDORA-2008-3343

FEDORA-2008-3376

Stay updated

Get in touch