memory leak in request header handling ======================================== Description ------------- lighttpd 1.4.19 does not always release a header if it triggered a 400 (Bad Request) due to a duplicate header. http://trac.lighttpd.net/trac/ticket/1774 Affected versions ------------------- all versions before 1.4.20 Fixed in ---------- 1.4.x: http://trac.lighttpd.net/trac/changeset/2305 Solutions or Workaround ------------------------- There is no workaround. Upgrade to 1.4.20 or apply lighttpd-1.4.x_request_header_memleak.patch This bug is tracked as CVE-2008-4298.