CVE - CVE-2008-1531

CVE-ID
CVE-2008-1531	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:28489 URL:http://www.securityfocus.com/bid/28489 BUGTRAQ:20080331 rPSA-2008-0132-1 lighttpd URL:http://www.securityfocus.com/archive/1/490323/100/0/threaded CONFIRM:http://trac.lighttpd.net/trac/changeset/2136 CONFIRM:http://trac.lighttpd.net/trac/changeset/2139 CONFIRM:http://trac.lighttpd.net/trac/changeset/2140 CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0132 CONFIRM:https://bugs.gentoo.org/show_bug.cgi?id=214892 CONFIRM:https://issues.rpath.com/browse/RPL-2407 DEBIAN:DSA-1540 URL:http://www.debian.org/security/2008/dsa-1540 FEDORA:FEDORA-2008-3343 URL:https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00562.html FEDORA:FEDORA-2008-3376 URL:https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00587.html GENTOO:GLSA-200804-08 URL:http://security.gentoo.org/glsa/glsa-200804-08.xml MISC:http://trac.lighttpd.net/trac/ticket/285#comment:18 MISC:http://trac.lighttpd.net/trac/ticket/285#comment:21 OSVDB:43788 URL:~~http://www.osvdb.org/43788~~ (Obsolete source) SECUNIA:29505 URL:http://secunia.com/advisories/29505 SECUNIA:29544 URL:http://secunia.com/advisories/29544 SECUNIA:29636 URL:http://secunia.com/advisories/29636 SECUNIA:29649 URL:http://secunia.com/advisories/29649 SECUNIA:30023 URL:http://secunia.com/advisories/30023 SUSE:SUSE-SR:2008:011 URL:http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html VUPEN:ADV-2008-1063 URL:~~http://www.vupen.com/english/advisories/2008/1063/references~~ (Obsolete source) XF:lighttpd-sslerror-dos(41545) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/41545
Assigning CNA
MITRE Corporation
Date Record Created
20080327	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080327)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)