February 01, 2010
Li Ming reported a serious bug in lighttpd:
If you send the request data very slow (e.g. sleep 0.01 after each byte), lighttpd will easily use all available memory and die (especially for parallel requests), allowing a DoS within minutes.
The bug is tracked as CVE-2010-0295.
As far as we know all versions are affected.