FreeBSD Local Security Checks : FreeBSD Ports: lighttpd

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.60834

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: lighttpd

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: lighttpd

CVE-2008-1531
The connection_state_machine function (connections.c) in lighttpd
1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to
cause a denial of service (active SSL connection loss) by triggering
an SSL error, such as disconnecting before a download has finished,
which causes all active SSL connections to be lost.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-1531
BugTraq ID: 28489
http://www.securityfocus.com/bid/28489
Bugtraq: 20080331 rPSA-2008-0132-1 lighttpd (Google Search)
http://www.securityfocus.com/archive/1/490323/100/0/threaded
Debian Security Information: DSA-1540 (Google Search)
http://www.debian.org/security/2008/dsa-1540
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00562.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00587.html
http://security.gentoo.org/glsa/glsa-200804-08.xml
http://trac.lighttpd.net/trac/ticket/285#comment:18
http://trac.lighttpd.net/trac/ticket/285#comment:21
http://www.osvdb.org/43788
http://secunia.com/advisories/29505
http://secunia.com/advisories/29544
http://secunia.com/advisories/29636
http://secunia.com/advisories/29649
http://secunia.com/advisories/30023
SuSE Security Announcement: SUSE-SR:2008:011 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
http://www.vupen.com/english/advisories/2008/1063/references
XForce ISS Database: lighttpd-sslerror-dos(41545)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41545

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.60834
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: lighttpd
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: lighttpd CVE-2008-1531 The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-1531 BugTraq ID: 28489 http://www.securityfocus.com/bid/28489 Bugtraq: 20080331 rPSA-2008-0132-1 lighttpd (Google Search) http://www.securityfocus.com/archive/1/490323/100/0/threaded Debian Security Information: DSA-1540 (Google Search) http://www.debian.org/security/2008/dsa-1540 https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00562.html https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00587.html http://security.gentoo.org/glsa/glsa-200804-08.xml http://trac.lighttpd.net/trac/ticket/285#comment:18 http://trac.lighttpd.net/trac/ticket/285#comment:21 http://www.osvdb.org/43788 http://secunia.com/advisories/29505 http://secunia.com/advisories/29544 http://secunia.com/advisories/29636 http://secunia.com/advisories/29649 http://secunia.com/advisories/30023 SuSE Security Announcement: SUSE-SR:2008:011 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html http://www.vupen.com/english/advisories/2008/1063/references XForce ISS Database: lighttpd-sslerror-dos(41545) https://exchange.xforce.ibmcloud.com/vulnerabilities/41545
Copyright	Copyright (C) 2008 E-Soft Inc.