Possible DOS with invalid digest auth requests ================================================ Description ------------- If parameters for an Auth-Digest request are missing a copied string is not freed. This can lead to an out of memory situation. mod_auth is not loaded by default and it needs to be configured to be used. Bug reported by Stefan Esser. Affected versions ------------------- All previous versions. Solutions or Workaround ------------------------- There is no known workaround. Please update to 1.4.16 or apply lighttpd-1.4.x_mod_auth_sec.patch. The patch fixes also: lighttpd_sa2007_04 lighttpd_sa2007_05 lighttpd_sa2007_06 lighttpd_sa2007_07