CVE-2008-1531

Summary

CVE	CVE-2008-1531
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2008-03-27 23:44:00 UTC
Updated	2018-10-31 19:23:00 UTC
Description	The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost.

Risk And Classification

Problem Types: NVD-CWE-Other

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	4.0	All	All	All
Operating System	Debian	Debian Linux	4.0	All	All	All
Application	Lighttpd	Lighttpd	All	All	All	All
Application	Lighttpd	Lighttpd	All	All	All	All
Application	Lighttpd	Lighttpd	All	All	All	All

References

Reference	Source	Link	Tags
[security-announce] SUSE Security Summary Report SUSE-SR:200?8:011	SUSE	lists.opensuse.org	Third Party Advisory
Redmine 404 error	CONFIRM	trac.lighttpd.net	Broken Link, Vendor Advisory
Fedora update for lighttpd - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com	Third Party Advisory
[SECURITY] Fedora 8 Update: lighttpd-1.4.19-4.fc8	FEDORA	www.redhat.com	Third Party Advisory
Lighttpd - Bug #285: active SSL connection loss (SSL3_WRITE_PENDING:bad write retry) (CVE-2008-1531) - lighty labs	MISC	trac.lighttpd.net	Vendor Advisory
Advisories:rPSA-2008-0132 - rPath Wiki	CONFIRM	wiki.rpath.com	Third Party Advisory
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com	Third Party Advisory, VDB Entry
214892 – www-servers/lighttpd <1.4.19-r2 closing of foreign SSL connections (DoS) (CVE-2008-1531)	CONFIRM	bugs.gentoo.org	Third Party Advisory
issues.rpath.com/browse/RPL-2407	CONFIRM	issues.rpath.com	Broken Link
Debian update for lighttpd - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com	Third Party Advisory
SecurityFocus	BUGTRAQ	www.securityfocus.com	Third Party Advisory, VDB Entry
Debian -- Security Information -- DSA-1540-1 lighttpd	DEBIAN	www.debian.org	Third Party Advisory
lighttpd OpenSSL Error Queue Denial of Service Vulnerability - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com	Third Party Advisory
rPath update for lighttpd - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com	Third Party Advisory
43788	OSVDB	www.osvdb.org	Broken Link
lighttpd: Multiple vulnerabilities — Gentoo Linux Documentation	GENTOO	security.gentoo.org	Third Party Advisory
Gentoo update for lighttpd - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com	Third Party Advisory
Changeset 2139 – lighttpd – Trac	CONFIRM	trac.lighttpd.net	Broken Link, Vendor Advisory
Changeset 2140 – lighttpd – Trac	CONFIRM	trac.lighttpd.net	Broken Link, Vendor Advisory
[SECURITY] Fedora 7 Update: lighttpd-1.4.19-4.fc7	FEDORA	www.redhat.com	Third Party Advisory
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com	Third Party Advisory
Lighttpd SSL Error Denial of Service Vulnerability	BID	www.securityfocus.com	Third Party Advisory, VDB Entry
Lighttpd - Bug #285: active SSL connection loss (SSL3_WRITE_PENDING:bad write retry) (CVE-2008-1531) - lighty labs	MISC	trac.lighttpd.net	Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.