Executive Summary

Information
Name: CVE-2008-1531
First vendor publication: 2008-03-27
Vendor: Cve
Last vendor modification: 2018-10-31

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: NA
Base score: NA
Environmental score: NA
Impact subscore: NA
Temporal score: NA
Exploitability subscore: NA
 

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS base score: 4.3
Attack range: Network
CVSS impact score: 2.9
Attack complexity: Medium
CVSS exploit score: 8.6
Authentication: None required

Detail

The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1531

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:19996
 
Oval ID: oval:org.mitre.oval:def:19996
Title: DSA-1540-1 lighttpd
Description: It was discovered that lighttpd, a fast webserver with minimal memory footprint, didn't correctly handle SSL errors. This could allow a remote attacker to disconnect all active SSL connections.
Family: unix Class: patch
Reference(s): DSA-1540-1
CVE-2008-1531
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): lighttpd
Definition Id: oval:org.mitre.oval:def:7944
 
Oval ID: oval:org.mitre.oval:def:7944
Title: DSA-1540 lighttpd -- denial of service
Description: It was discovered that lighttpd, a fast webserver with minimal memory footprint, didn't correctly handle SSL errors. This could allow a remote attacker to disconnect all active SSL connections.
Family: unix Class: patch
Reference(s): DSA-1540
CVE-2008-1531
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): lighttpd

CPE : Common Platform Enumeration

Type Description Count
Application 73
Os 1

OpenVAS Exploits

Date Description
2009-02-17 Name : Fedora Update for lighttpd FEDORA-2008-3343
File : nvt/gb_fedora_2008_3343_lighttpd_fc7.nasl
2009-02-17 Name : Fedora Update for lighttpd FEDORA-2008-3376
File : nvt/gb_fedora_2008_3376_lighttpd_fc8.nasl
2009-02-17 Name : Fedora Update for lighttpd FEDORA-2008-4119
File : nvt/gb_fedora_2008_4119_lighttpd_fc9.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200804-08 (lighttpd)
File : nvt/glsa_200804_08.nasl
2008-09-04 Name : FreeBSD Ports: lighttpd
File : nvt/freebsd_lighttpd4.nasl
2008-08-15 Name : Debian Security Advisory DSA 1540-3 (lighttpd)
File : nvt/deb_1540_3.nasl
2008-04-21 Name : Debian Security Advisory DSA 1540-1 (lighttpd)
File : nvt/deb_1540_1.nasl
2008-04-21 Name : Debian Security Advisory DSA 1540-2 (lighttpd)
File : nvt/deb_1540_2.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
43788 lighttpd Cross-user Forced SSL Session Termination DoS

Nessus® Vulnerability Scanner

Date Description
2008-10-03 Name : The remote web server is affected by multiple vulnerabilities.
File : lighttpd_1_4_20.nasl - Type : ACT_GATHER_INFO
2008-05-20 Name : The remote Fedora host is missing a security update.
File : fedora_2008-4119.nasl - Type : ACT_GATHER_INFO
2008-05-02 Name : The remote openSUSE host is missing a security update.
File : suse_lighttpd-5216.nasl - Type : ACT_GATHER_INFO
2008-05-01 Name : The remote Fedora host is missing a security update.
File : fedora_2008-3343.nasl - Type : ACT_GATHER_INFO
2008-05-01 Name : The remote Fedora host is missing a security update.
File : fedora_2008-3376.nasl - Type : ACT_GATHER_INFO
2008-04-17 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_1ac77649090811dd974d000fea2763ce.nasl - Type : ACT_GATHER_INFO
2008-04-17 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200804-08.nasl - Type : ACT_GATHER_INFO
2008-04-11 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1540.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/28489
BUGTRAQ http://www.securityfocus.com/archive/1/490323/100/0/threaded
CONFIRM http://trac.lighttpd.net/trac/changeset/2136
http://trac.lighttpd.net/trac/changeset/2139
http://trac.lighttpd.net/trac/changeset/2140
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0132
https://bugs.gentoo.org/show_bug.cgi?id=214892
https://issues.rpath.com/browse/RPL-2407
DEBIAN http://www.debian.org/security/2008/dsa-1540
FEDORA https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00562.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00587.html
GENTOO http://security.gentoo.org/glsa/glsa-200804-08.xml
MISC http://trac.lighttpd.net/trac/ticket/285#comment:18
http://trac.lighttpd.net/trac/ticket/285#comment:21
OSVDB http://www.osvdb.org/43788
SECUNIA http://secunia.com/advisories/29505
http://secunia.com/advisories/29544
http://secunia.com/advisories/29636
http://secunia.com/advisories/29649
http://secunia.com/advisories/30023
SUSE http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
VUPEN http://www.vupen.com/english/advisories/2008/1063/references
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/41545

Alert History

Date Information
2022-09-15 12:06:36
  • Multiple Updates
2022-06-18 01:06:31
  • Multiple Updates
2021-05-05 01:04:38
  • Multiple Updates
2021-05-04 12:07:20
  • Multiple Updates
2021-04-22 01:07:45
  • Multiple Updates
2020-05-23 01:39:18
  • Multiple Updates
2020-05-23 00:21:30
  • Multiple Updates
2018-10-31 21:20:05
  • Multiple Updates
2018-10-12 00:20:18
  • Multiple Updates
2017-08-08 09:23:58
  • Multiple Updates
2016-06-28 17:13:12
  • Multiple Updates
2016-04-26 17:15:47
  • Multiple Updates
2014-02-17 10:44:26
  • Multiple Updates
2013-05-11 00:13:45
  • Multiple Updates