Description
mod_auth (http_auth.c) in lighttpd before 1.4.16 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving (1) a memory leak, (2) use of md5-sess without a cnonce, (3) base64 encoded strings, and (4) trailing whitespace in the Auth-Digest header.
Remediation
References
Related Vulnerabilities
WordPress Plugin Limit Login Attempts Reloaded Cross-Site Scripting (2.15.2)
WordPress Plugin oQey Headers 'oqey_settings.php' SQL Injection (0.3)
MediaWiki Resource Management Errors Vulnerability (CVE-2015-2937)
WordPress Plugin Wordfence Security-Firewall & Malware Scan Multiple Vulnerabilities (7.1.12)
Apache HTTP Server Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2007-6420)