Vulnerabilities > CVE-2008-1531

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost.

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-3343.NASL
    descriptionThis update fixes a bug where a user could kill another user
    last seen2020-06-01
    modified2020-06-02
    plugin id32094
    published2008-05-01
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/32094
    titleFedora 7 : lighttpd-1.4.19-4.fc7 (2008-3343)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_LIGHTTPD-5216.NASL
    descriptionAn error in one SSL connection could lead to termination of all SSL connections (CVE-2008-1531)
    last seen2020-06-01
    modified2020-06-02
    plugin id32129
    published2008-05-02
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/32129
    titleopenSUSE 10 Security Update : lighttpd (lighttpd-5216)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL
    descriptionSecunia reports : A vulnerability has been reported in lighttpd, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to lighttpd not properly clearing the OpenSSL error queue. This can be exploited to close concurrent SSL connections of lighttpd by terminating one SSL connection.
    last seen2020-06-01
    modified2020-06-02
    plugin id31953
    published2008-04-17
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31953
    titleFreeBSD : lighttpd -- OpenSSL Error Queue Denial of Service Vulnerability (1ac77649-0908-11dd-974d-000fea2763ce)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200804-08.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200804-08 (lighttpd: Multiple vulnerabilities) Julien Cayzax discovered that an insecure default setting exists in mod_userdir in lighttpd. When userdir.path is not set the default value used is $HOME. It should be noted that the
    last seen2020-06-01
    modified2020-06-02
    plugin id31955
    published2008-04-17
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31955
    titleGLSA-200804-08 : lighttpd: Multiple vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-3376.NASL
    descriptionThis update fixes a bug where a user could kill another user
    last seen2020-06-01
    modified2020-06-02
    plugin id32100
    published2008-05-01
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/32100
    titleFedora 8 : lighttpd-1.4.19-4.fc8 (2008-3376)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1540.NASL
    descriptionIt was discovered that lighttpd, a fast webserver with minimal memory footprint, didn
    last seen2020-06-01
    modified2020-06-02
    plugin id31810
    published2008-04-11
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31810
    titleDebian DSA-1540-1 : lighttpd - denial of service
  • NASL familyWeb Servers
    NASL idLIGHTTPD_1_4_20.NASL
    descriptionAccording to its banner, the version of lighttpd running on the remote host is prior to 1.4.20. It is, therefore, affected by multiple vulnerabilities : - A denial of service vulnerability exists in the connection_state_machine() function that is triggered when disconnecting before a download has finished. An unauthenticated, remote attacker can exploit this to cause all active SSL connections to be lost. (CVE-2008-1531) - A memory leak flaw exists in the http_request_parse() function. An unauthenticated, remote attacker can exploit this, via a large number of requests with duplicate request headers, to cause a denial of service condition. (CVE-2008-4298) - A security bypass vulnerability exists due to comparing URIs to patterns in url.redirect and url.rewrite configuration settings before performing URL decoding. An unauthenticated, remote attacker can exploit this to bypass intended access restrictions, resulting in the disclosure or modification of sensitive data. (CVE-2008-4359) - A security bypass vulnerability exists in mod_userdir due to performing case-sensitive comparisons even on case-insensitive operating systems and file systems. An unauthenticated, remote attacker can exploit this to bypass intended access restrictions, resulting in the disclosure of sensitive information. (CVE-2008-4360) Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id34332
    published2008-10-03
    reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/34332
    titlelighttpd < 1.4.20 Multiple Vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-4119.NASL
    descriptionThis update fixes a bug where a user could kill another user
    last seen2020-06-01
    modified2020-06-02
    plugin id32386
    published2008-05-20
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/32386
    titleFedora 9 : lighttpd-1.4.19-4.fc9 (2008-4119)

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 28489 CVE(CAN) ID: CVE-2008-1531 Lighttpd是一款轻型的开放源码Web Server软件包。 lighttpd没有正确地清除OpenSSL错误队列,如果远程攻击者可以触发SSL错误的话,如在下载结束前断开连接,lighttpd就可能断开所有活动的SSL连接。 LightTPD 1.4.19 厂商补丁: Debian ------ Debian已经为此发布了一个安全公告(DSA-1540-2)以及相应补丁: DSA-1540-2:New lighttpd packages fix denial of service 链接:<a href=http://www.debian.org/security/2008/dsa-1540 target=_blank>http://www.debian.org/security/2008/dsa-1540</a> 补丁下载: Source archives: <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8.diff.gz target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8.diff.gz</a> Size/MD5 checksum: 37420 89efdab79fcbac119000a64cab648fcd <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13.orig.tar.gz target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13.orig.tar.gz</a> Size/MD5 checksum: 793309 3a64323b8482b0e8a6246dbfdb4c39dc <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8.dsc target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8.dsc</a> Size/MD5 checksum: 1098 87a04c4e704dd7921791bc44407b5e0e Architecture independent packages: <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-doc_1.4.13-4etch8_all.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-doc_1.4.13-4etch8_all.deb</a> Size/MD5 checksum: 99618 ae68b64b7c0df0f0b3a9d19b87e7c40a amd64 architecture (AMD x86_64 (AMD64)) <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_amd64.deb</a> Size/MD5 checksum: 297300 19f5b871d2a9a483e1ecdaa2325c45cb <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_amd64.deb</a> Size/MD5 checksum: 63586 750cf5f5d7671986b195366f2335c9cc <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_amd64.deb</a> Size/MD5 checksum: 63884 72ee2b52772010ae7c63a0a2b4761ff5 <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_amd64.deb</a> Size/MD5 checksum: 59138 45672a1a3af65311693a3aee58be5566 <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_amd64.deb</a> Size/MD5 checksum: 69890 b84d4ea8c9af282e2aeeb5c05847a95a <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_amd64.deb</a> Size/MD5 checksum: 60742 f48ef372b71be1b2683d03b411c7e7cf hppa architecture (HP PA RISC) <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_hppa.deb</a> Size/MD5 checksum: 59896 60a4e61e9b5e2bafbf53474d677b36bb <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_hppa.deb</a> Size/MD5 checksum: 323946 642f46921f99dfdf8e52ed3777847cbc <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_hppa.deb</a> Size/MD5 checksum: 61890 4feb260d9f611c26979872b49b09ebc1 <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_hppa.deb</a> Size/MD5 checksum: 65000 2ce28ddd20bcd1bf407e14bae053537b <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_hppa.deb</a> Size/MD5 checksum: 72946 33c93c114c3807d63bb18a5a9b3f33b9 <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_hppa.deb</a> Size/MD5 checksum: 65520 82a4460351af3d4c8b9d84ec831bd006 i386 architecture (Intel ia32) <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_i386.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_i386.deb</a> Size/MD5 checksum: 63884 96876134f02cf6b3c5079d5deecca7d9 <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_i386.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_i386.deb</a> Size/MD5 checksum: 59086 f928fd96f37229e72661fa7140a0daa9 <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_i386.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_i386.deb</a> Size/MD5 checksum: 289088 477ce333d4a1b9f506645ff22193191f <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_i386.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_i386.deb</a> Size/MD5 checksum: 70932 90cd2be30fb0f0e0ff97820e1b8c19f1 <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_i386.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_i386.deb</a> Size/MD5 checksum: 63690 f5c320e1f272a52ec9354b27f5c36082 <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_i386.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_i386.deb</a> Size/MD5 checksum: 60846 0f30b9acbc10ec2c648edf19b8e41178 ia64 architecture (Intel ia64) <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_ia64.deb</a> Size/MD5 checksum: 67508 8d853ada8818a91fa022e0dd52c19edf <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_ia64.deb</a> Size/MD5 checksum: 63054 22a7de81eb0ec31a95632eb555a888c1 <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_ia64.deb</a> Size/MD5 checksum: 77062 04cffb6683e4a3c92f5f48e8d2df5dd8 <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_ia64.deb</a> Size/MD5 checksum: 67366 0f9272c16ab8cf4e75129f5a3eaa5d71 <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_ia64.deb</a> Size/MD5 checksum: 403358 aefa2c83a3baf3ee9ae8ba1c6629e22e <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_ia64.deb</a> Size/MD5 checksum: 61176 ea0d6334ab0904bddbbe9cf90a72ba9e mips architecture (MIPS (Big Endian)) <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_mips.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_mips.deb</a> Size/MD5 checksum: 62658 8799ed08b706281b21814f559f858be9 <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_mips.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_mips.deb</a> Size/MD5 checksum: 58572 7520f8302f2e0cb1ceed528d01c1aea7 <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_mips.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_mips.deb</a> Size/MD5 checksum: 62526 c75ac1e607ebcbc95ed03e8adb088dec <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_mips.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_mips.deb</a> Size/MD5 checksum: 296088 f05c1b65de0bb165c1fa8ef749c1f60c <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_mips.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_mips.deb</a> Size/MD5 checksum: 59960 76b2266c789cad50fae1d751cc2be88c <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_mips.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_mips.deb</a> Size/MD5 checksum: 69236 61394a59d58c8f5f5c721a4085fee51e mipsel architecture (MIPS (Little Endian)) <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_mipsel.deb</a> Size/MD5 checksum: 59282 56363403b07fd8bb4ec4628c4607cd8b <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_mipsel.deb</a> Size/MD5 checksum: 63368 f8378c36175b9b3f87f038f45cad5e4d <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_mipsel.deb</a> Size/MD5 checksum: 70020 e7b073ea24c3de3404f69ad8dbdd43df <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_mipsel.deb</a> Size/MD5 checksum: 60762 cdb8770285645d0ea048b02fb866f63a <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_mipsel.deb</a> Size/MD5 checksum: 63542 c5a4b5467b6917a7065e1ef6a57fd3a2 <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_mipsel.deb</a> Size/MD5 checksum: 297260 1d3b8cac9795b18e231e5f99a25d9f3b powerpc architecture (PowerPC) <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_powerpc.deb</a> Size/MD5 checksum: 71762 4465577bc817611ca87c7f21bc0d2642 <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_powerpc.deb</a> Size/MD5 checksum: 65390 ac39f8d16559e8a4e8bd09a274c58895 <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_powerpc.deb</a> Size/MD5 checksum: 65114 844e63058ca4968673e652684c37c309 <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_powerpc.deb</a> Size/MD5 checksum: 323818 11066e5afd416b95a825212056d6d493 <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_powerpc.deb</a> Size/MD5 checksum: 62462 4eeb054f0838cd87f8ff21b798dd1110 <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_powerpc.deb</a> Size/MD5 checksum: 60644 0b547baa6b634ee3e606f58a1b503f26 s390 architecture (IBM S/390) <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_s390.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_s390.deb</a> Size/MD5 checksum: 307236 828090c5177429f28bdfcdc653aff701 <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_s390.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_s390.deb</a> Size/MD5 checksum: 64244 df43829d7d3a6cb956444e6c4123af6f <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_s390.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_s390.deb</a> Size/MD5 checksum: 59580 f2d8a504078229d6a9c90ca2312736f2 <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_s390.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_s390.deb</a> Size/MD5 checksum: 61082 c73356530cb3936b5eaf0fa09b941bff <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_s390.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_s390.deb</a> Size/MD5 checksum: 71368 15a98ad24b35b3a4461748b31d2408a7 <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_s390.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_s390.deb</a> Size/MD5 checksum: 64632 2e037627c148aaa336465a89f9b6cc99 补丁安装方法: 1. 手工安装补丁包: 首先,使用下面的命令来下载补丁软件: # wget url (url是补丁下载链接地址) 然后,使用下面的命令来安装补丁: # dpkg -i file.deb (file是相应的补丁名) 2. 使用apt-get自动安装补丁包: 首先,使用下面的命令更新内部数据库: # apt-get update 然后,使用下面的命令安装更新软件包: # apt-get upgrade Gentoo ------ Gentoo已经为此发布了一个安全公告(GLSA-200804-08)以及相应补丁: GLSA-200804-08:lighttpd: Multiple vulnerabilities 链接:<a href=http://security.gentoo.org/glsa/glsa-200804-08.xml target=_blank>http://security.gentoo.org/glsa/glsa-200804-08.xml</a> 所有lighttpd用户都应升级到最新版本: # emerge --sync # emerge --ask --oneshot --verbose &quot;&gt;=3Dwww-servers/lighttpd-1.4.19-r=2&quot; LightTPD -------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://trac.lighttpd.net/trac/changeset/2136 target=_blank>http://trac.lighttpd.net/trac/changeset/2136</a> <a href=http://trac.lighttpd.net/trac/changeset/2139 target=_blank>http://trac.lighttpd.net/trac/changeset/2139</a>
idSSV:3182
last seen2017-11-19
modified2008-04-17
published2008-04-17
reporterRoot
titleLighttpd SSL错误拒绝服务漏洞

References