Description

The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost.

Remediation

References

CVE-2008-1531

Related Vulnerabilities

Moodle Configuration Vulnerability (CVE-2012-0797)

Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1599)

IBM WebSEAL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2023-38371)

Internet Information Services Other Vulnerability (CVE-2002-1181)

WordPress Plugin Campaign Press Cross-Site Scripting (1.0.5)

Severity

Medium

Classification

CVE-2008-1531

Tags

Missing Update Known Vulnerabilities