Denial of service of SSL connections
======================================

Description
-------------
lighttpd 1.4.19, and possibly other versions before 1.5.0, does not handle SSL errors properly, which allows a remote attacker to shut down another SSL connection by triggering such errors (for example, disconnecting before a download has finished).

http://trac.lighttpd.net/trac/ticket/285

Affected versions
-------------------
All versions before 1.4.20.

Solutions or Workaround
-------------------------
Don't use SSL.
Upgrade to 1.4.20 or apply lighttpd-1.4.19_fix_ssl_dos.patch

This bug is tracked as CVE-2008-1531.
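To triage a host against the "Affected versions" and "Solutions or Workaround" sections, the following added example (not part of the advisory or of lighttpd) classifies a version banner plus configuration text. The banner shape of `lighttpd -v`, the `ssl.engine = "enable"` directive as the SSL switch, and the result labels are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the advisory or the lighttpd project.
# Assumed: the `lighttpd -v` banner shape and ssl.engine = "enable" as the SSL switch.

FIXED="1.4.20"   # first fixed release named in the advisory

# Pull "X.Y.Z" out of a banner like "lighttpd-1.4.19 (ssl) - ..." or "lighttpd/1.4.19".
banner_version() {
    printf '%s\n' "$1" |
        sed -n 's|^lighttpd[-/]\([0-9]\{1,\}\.[0-9]\{1,\}\.[0-9]\{1,\}\).*|\1|p' |
        head -n 1
}

# Return 0 if version $1 is older than version $2 (numeric, field by field).
version_lt() {
    [ "$1" = "$2" ] && return 1
    oldest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$oldest" = "$1" ]
}

# Return 0 if the config text in $1 has an uncommented ssl.engine = "enable" line.
ssl_enabled() {
    printf '%s\n' "$1" |
        grep -Eq '^[[:space:]]*ssl\.engine[[:space:]]*=[[:space:]]*"enable"'
}

# triage BANNER CONFIG_TEXT
# Prints UNKNOWN, FIXED_VERSION, EXPOSED or AFFECTED_VERSION_SSL_OFF (hypothetical labels).
triage() {
    v=$(banner_version "$1")
    if [ -z "$v" ]; then echo "UNKNOWN"; return 0; fi
    if ! version_lt "$v" "$FIXED"; then echo "FIXED_VERSION"; return 0; fi
    if ssl_enabled "$2"; then echo "EXPOSED"; else echo "AFFECTED_VERSION_SSL_OFF"; fi
}

# Constructed sample input (not captured from a real host).
SAMPLE_BANNER='lighttpd-1.4.19 (ssl) - a light and fast webserver'
SAMPLE_CONF='server.port = 80
$SERVER["socket"] == ":443" {
    ssl.engine = "enable"
}'

triage "$SAMPLE_BANNER" "$SAMPLE_CONF"
```

A 1.4.19 build with lighttpd-1.4.19_fix_ssl_dos.patch applied still reports 1.4.19, so an EXPOSED result needs a check of how the package was built. Configuration pulled in through include files is not followed.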