Search for vulnerabilities
Vulnerability details: VCID-ksem-5c87-aaam
Vulnerability ID VCID-ksem-5c87-aaam
Aliases CVE-2008-1531
Summary The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost.
Status Published
Exploitability 0.5
Weighted Severity 3.9
Risk 1.9
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.02296 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.03615 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.03615 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.03615 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.03615 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.03615 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.03615 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.03615 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.03615 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.03615 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.03615 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.03615 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.03615 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.03615 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.03615 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.03615 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.03615 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.03615 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.03615 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.03615 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.03789 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.09029 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.09029 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.09029 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.09029 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.09029 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.09029 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.09029 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.09029 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.09029 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.09965 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.24218 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.24218 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.25359 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
epss 0.25359 https://api.first.org/data/v1/epss?cve=CVE-2008-1531
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=439066
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2008-1531
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1531.json
https://api.first.org/data/v1/epss?cve=CVE-2008-1531
https://bugs.gentoo.org/show_bug.cgi?id=214892
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1531
http://secunia.com/advisories/29505
http://secunia.com/advisories/29544
http://secunia.com/advisories/29636
http://secunia.com/advisories/29649
http://secunia.com/advisories/30023
http://security.gentoo.org/glsa/glsa-200804-08.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/41545
https://issues.rpath.com/browse/RPL-2407
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00562.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00587.html
http://trac.lighttpd.net/trac/changeset/2136
http://trac.lighttpd.net/trac/changeset/2139
http://trac.lighttpd.net/trac/changeset/2140
http://trac.lighttpd.net/trac/ticket/285#comment:18
http://trac.lighttpd.net/trac/ticket/285#comment:21
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0132
http://www.debian.org/security/2008/dsa-1540
http://www.osvdb.org/43788
http://www.securityfocus.com/archive/1/490323/100/0/threaded
http://www.securityfocus.com/bid/28489
http://www.vupen.com/english/advisories/2008/1063/references
439066 https://bugzilla.redhat.com/show_bug.cgi?id=439066
475438 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475438
cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
CVE-2008-1531 https://nvd.nist.gov/vuln/detail/CVE-2008-1531
GLSA-200804-08 https://security.gentoo.org/glsa/200804-08
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2008-1531
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.83272
EPSS Score 0.02296
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.