lighttpd 1.4.19 and earlier allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost.

More... (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531)