Denial of service of ssl connections
======================================

 Description
-------------

lighttpd 1.4.19, and possibly other versions before 1.5.0, does not handle ssl errors
properly, which allows a remote attacker to shutdown another ssl connection by
triggering such errors (for example disconnecting before a download has finished).

http://trac.lighttpd.net/trac/ticket/285

 Affected versions
-------------------

all versions before 1.4.20

 Solutions or Workaround
-------------------------

Don't use ssl. Upgrade to 1.4.20 or apply
lighttpd-1.4.19_fix_ssl_dos.patch

This bug is tracked as CVE-2008-1531.