CVE-2013-4508

2013-11-08T00:00:00
ID UB:CVE-2013-4508
Type ubuntucve
Reporter ubuntu.com
Modified 2013-11-08T00:00:00

Description

lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network.

Bugs

  • <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729480>
  • <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729555>

Notes

Author | Note
--- | ---
jdstrand | beware of regression in Debian bugs #729480 and #729555 fixed in r2925 upstream