The connection_state_machine function (connections.c) in lighttpd 1.4.19 and previous versions, and 1.5.x prior to 1.5.0, allows remote malicious users to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
lighttpd lighttpd |
||
debian debian linux 4.0 |