Denial of Service Vulnerability in Lighttpd by CyberAttackers
CVE-2008-1531

Currently unrated

Key Information:

Vendor: Lighttpd
Status: Lighttpd
Vendor: CVE Published:; 27 March 2008

What is CVE-2008-1531?

The connection_state_machine function in Lighttpd versions 1.4.19 and earlier, as well as in 1.5.x prior to version 1.5.0, is susceptible to a Denial of Service attack. An attacker can exploit this vulnerability by triggering an SSL error—such as disconnecting before a download is completed—which results in the loss of all active SSL connections. This could render the affected lighttpd server temporarily unavailable and disrupt services relying on secure connections.

References

http://trac.lighttpd.net/trac/ticket/285#comment:21

x_refsource_MISC

https://issues.rpath.com/browse/RPL-2407

x_refsource_CONFIRM

https://bugs.gentoo.org/show_bug.cgi?id=214892

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 27, 2008
Vulnerability Reserved
Mar 27, 2008