DOS with files with mtime 0
=============================

 Description
-------------

Lighttpd caches the rendered string for mtime. The cache key has as a default
value 0.  At that point the pointer to the string are still NULL. If a file
with an mtime of 0 is requested it tries to access the pointer and crashes.

The bug requires that a malicious user can either upload files or manipulate
the mtime of the files.

The bug was reported by cubiq and fixed by Marcus Rueckert.

 Affected versions
-------------------
all 1.4.x most likely 1.3.x and previous versions aswell.

 Solutions or Workaround
-------------------------
There is no known workaround. Please update to 1.4.14 or apply
lighttpd-1.4.x_zero_mtime_crash.patch


This bug is tracked as CVE-2007-1870.