CVE-2008-1531

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
27/03/2008
Last modified:
09/04/2025

Description

The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:* 1.4.19 (including)
cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:* 1.5 (including) 1.5.0 (excluding)
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*


References to Advisories, Solutions, and Tools