Ubuntu
lighttpd package

[lighttpd] [CVE-2008-1531] DoS vulnerability via incorrectly handled SSL errors

Bug #214975 reported by disabled.user on 2008-04-10

This bug report is a duplicate of: Bug #209627: lighttpd (security) ssl fix. Edit Remove

256

Affects		Status	Importance	Assigned to	Milestone
	lighttpd (Ubuntu)	New	Undecided	Unassigned

Bug Description

Binary package hint: lighttpd

References:
DSA-1540-1 (http://www.debian.org/security/2008/dsa-1540)

Quoting:
"It was discovered that lighttpd, a fast webserver with minimal memory
footprint, was didn't correctly handle SSL errors. This could allow
a remote attacker to disconnect all active SSL connections."

CVE References

2008-1531

Revision history for this message

William Grant (wgrant) wrote on 2008-04-10:

In future, please check https://launchpad.net/bugs/cve/CVE-XXXX-XXXX for duplicates first, as they might not be visible in Ubuntu lists due to being fixed in all releases.

Revision history for this message

disabled.user (disabled.user-deactivatedaccount) wrote on 2008-04-10:

Will do so, didn't know this browse-by-CVE-feature since now. That's why I try to have related CVEs in the summaries of new reports, so that Launchpad's "Is the bug you’re reporting one of these?"-feature may find duplicates before reporting.

Report a bug

This report contains Public Security information

Everyone can see this security related information.

Duplicate of bug #209627 Remove

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulighttpd package