CVE-2008-1531
lighttpd
EPSS 3.9%
Description
The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost.
How to fix CVE-2008-1531
To remediate CVE-2008-1531, upgrade the affected package to one of the fixed versions listed below.
- Debian/lighttpd—upgrade to 1.4.19-2 or later
- Debian/lighttpd—upgrade to 1.4.13-4etch7 or later
Is CVE-2008-1531 being exploited?
Low — EPSS is 3.9%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/lighttpd: from 0, < 1.4.19-2
- Debian/lighttpd: from 0, < 1.4.13-4etch7