The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost.
Software | From | Fixed in |
---|---|---|
debian / debian_linux | 4.0 | 4.0.x |
lighttpd / lighttpd | - | 1.4.19.x |
lighttpd / lighttpd | 1.5 | 1.5.0 |