CVE-2008-1531 — MEDIUM (4.3)

Q: How severe is CVE-2008-1531?

CVE-2008-1531 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2008-1531?

Check the references section above for vendor advisories and patch information. Affected products include: Lighttpd Lighttpd, Debian Debian Linux.

Vulnerability Description

The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:N/A:P

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Lighttpd	Lighttpd	<= 1.4.19
Debian	Debian Linux	4.0

References

http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.htmlThird Party Advisory
http://secunia.com/advisories/29505Third Party Advisory
http://secunia.com/advisories/29544Third Party Advisory
http://secunia.com/advisories/29636Third Party Advisory
http://secunia.com/advisories/29649Third Party Advisory
http://secunia.com/advisories/30023Third Party Advisory
http://security.gentoo.org/glsa/glsa-200804-08.xmlThird Party Advisory
http://trac.lighttpd.net/trac/changeset/2136Broken LinkVendor Advisory
http://trac.lighttpd.net/trac/changeset/2139Broken LinkVendor Advisory
http://trac.lighttpd.net/trac/changeset/2140Broken LinkVendor Advisory
http://trac.lighttpd.net/trac/ticket/285#comment:18Vendor Advisory
http://trac.lighttpd.net/trac/ticket/285#comment:21Vendor Advisory
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0132Third Party Advisory
http://www.debian.org/security/2008/dsa-1540Third Party Advisory
http://www.osvdb.org/43788Broken Link

FAQ

What is CVE-2008-1531?

CVE-2008-1531 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by trigg...

How severe is CVE-2008-1531?

CVE-2008-1531 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-1531?

Check the references section above for vendor advisories and patch information. Affected products include: Lighttpd Lighttpd, Debian Debian Linux.