CVE-2013-4508

lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network.

Date published : 2013-11-07

http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_01.txt

http://redmine.lighttpd.net/issues/2525