|Category:||FreeBSD Local Security Checks|
|Title:||FreeBSD Ports: lighttpd|
|Summary:||FreeBSD Ports: lighttpd|
The remote host is missing an update to the system
as announced in the referenced advisory.
The following package is affected: lighttpd
The connection_state_machine function (connections.c) in lighttpd
1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to
cause a denial of service (active SSL connection loss) by triggering
an SSL error, such as disconnecting before a download has finished,
which causes all active SSL connections to be lost.
Update your system with the appropriate patches or
BugTraq ID: 28489|
Common Vulnerability Exposure (CVE) ID: CVE-2008-1531
Bugtraq: 20080331 rPSA-2008-0132-1 lighttpd (Google Search)
Debian Security Information: DSA-1540 (Google Search)
SuSE Security Announcement: SUSE-SR:2008:011 (Google Search)
XForce ISS Database: lighttpd-sslerror-dos(41545)
|Copyright||Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com|
|This is only one of 58880 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.