[lighttpd] [CVE-2008-1531] DoS vulnerability via incorrectly handled SSL errors

Bug #214975 reported by disabled.user on 2008-04-10
This bug report is a duplicate of:  Bug #209627: lighttpd (security) ssl fix. Edit Remove
256
Affects Status Importance Assigned to Milestone
lighttpd (Ubuntu)
Undecided
Unassigned

Bug Description

Binary package hint: lighttpd

References:
DSA-1540-1 (http://www.debian.org/security/2008/dsa-1540)

Quoting:
"It was discovered that lighttpd, a fast webserver with minimal memory
footprint, was didn't correctly handle SSL errors. This could allow
a remote attacker to disconnect all active SSL connections."

CVE References

William Grant (wgrant) wrote :

In future, please check https://launchpad.net/bugs/cve/CVE-XXXX-XXXX for duplicates first, as they might not be visible in Ubuntu lists due to being fixed in all releases.

Will do so, didn't know this browse-by-CVE-feature since now. That's why I try to have related CVEs in the summaries of new reports, so that Launchpad's "Is the bug you’re reporting one of these?"-feature may find duplicates before reporting.

To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers