Description
mod_auth (http_auth.c) in lighttpd before 1.4.16 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving (1) a memory leak, (2) use of md5-sess without a cnonce, (3) base64 encoded strings, and (4) trailing whitespace in the Auth-Digest header.
Remediation
References
Related Vulnerabilities
Django Inefficient Algorithmic Complexity Vulnerability (CVE-2026-33033)
WordPress Plugin Bulk Page Creator Cross-Site Scripting (1.0.9)
Play Framework Improper Restriction of XML External Entity Reference Vulnerability (CVE-2014-3630)
Plone CMS URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2016-7137)