PT-2008-3090 · Lighttpd · Lighttpd

Published

2008-03-27

Updated

2024-06-15

CVE-2008-1531

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions lighttpd versions 1.4.19 and earlier lighttpd versions 1.5.x before 1.5.0

Description The issue allows remote attackers to cause a denial of service, specifically an active SSL connection loss, by triggering an SSL error. This can occur when an action such as disconnecting before a download has finished is performed, resulting in the loss of all active SSL connections.

Recommendations For lighttpd versions 1.4.19 and earlier, update to a version later than 1.4.19. For lighttpd versions 1.5.x before 1.5.0, update to version 1.5.0 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2008-1531

DSA-1540-1

OPENSUSE-SU-2024:10585-1

Affected Products

Lighttpd

PT-2008-3090 · Lighttpd · Lighttpd

CVE-2008-1531

Related Identifiers

Affected Products

References · 37