ID CVE-2008-1531
Summary The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost.
References
Vulnerable Configurations
  • cpe:2.3:a:lighttpd:lighttpd:1.3.11:*:*:*:*:*:*:*
    cpe:2.3:a:lighttpd:lighttpd:1.3.11:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.3.12:*:*:*:*:*:*:*
    cpe:2.3:a:lighttpd:lighttpd:1.3.12:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.3.13:*:*:*:*:*:*:*
    cpe:2.3:a:lighttpd:lighttpd:1.3.13:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.3.14:*:*:*:*:*:*:*
    cpe:2.3:a:lighttpd:lighttpd:1.3.14:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.3.15:*:*:*:*:*:*:*
    cpe:2.3:a:lighttpd:lighttpd:1.3.15:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.3.16:*:*:*:*:*:*:*
    cpe:2.3:a:lighttpd:lighttpd:1.3.16:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:lighttpd:lighttpd:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:lighttpd:lighttpd:1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:lighttpd:lighttpd:1.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:lighttpd:lighttpd:1.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:lighttpd:lighttpd:1.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:lighttpd:lighttpd:1.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:lighttpd:lighttpd:1.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.8:*:*:*:*:*:*:*
    cpe:2.3:a:lighttpd:lighttpd:1.4.8:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.9:*:*:*:*:*:*:*
    cpe:2.3:a:lighttpd:lighttpd:1.4.9:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.10:*:*:*:*:*:*:*
    cpe:2.3:a:lighttpd:lighttpd:1.4.10:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.11:*:*:*:*:*:*:*
    cpe:2.3:a:lighttpd:lighttpd:1.4.11:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.12:*:*:*:*:*:*:*
    cpe:2.3:a:lighttpd:lighttpd:1.4.12:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.13:*:*:*:*:*:*:*
    cpe:2.3:a:lighttpd:lighttpd:1.4.13:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.14:*:*:*:*:*:*:*
    cpe:2.3:a:lighttpd:lighttpd:1.4.14:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.15:*:*:*:*:*:*:*
    cpe:2.3:a:lighttpd:lighttpd:1.4.15:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.16:*:*:*:*:*:*:*
    cpe:2.3:a:lighttpd:lighttpd:1.4.16:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.17:*:*:*:*:*:*:*
    cpe:2.3:a:lighttpd:lighttpd:1.4.17:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.18:*:*:*:*:*:*:*
    cpe:2.3:a:lighttpd:lighttpd:1.4.18:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.19:*:*:*:*:*:*:*
    cpe:2.3:a:lighttpd:lighttpd:1.4.19:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*
    cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 31-10-2018 - 19:23)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
refmap via4
bid 28489
bugtraq 20080331 rPSA-2008-0132-1 lighttpd
confirm
debian DSA-1540
fedora
  • FEDORA-2008-3343
  • FEDORA-2008-3376
gentoo GLSA-200804-08
misc
osvdb 43788
secunia
  • 29505
  • 29544
  • 29636
  • 29649
  • 30023
suse SUSE-SR:2008:011
vupen ADV-2008-1063
xf lighttpd-sslerror-dos(41545)
Last major update 31-10-2018 - 19:23
Published 27-03-2008 - 23:44
Last modified 31-10-2018 - 19:23
Back to Top