Description
A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67.
Remediation
References
Related Vulnerabilities
WordPress Plugin RSVPMaker SQL Injection (9.3.2)
WordPress Plugin Feed Them Social-for Twitter feed, Youtube and more PHAR Deserialization (2.9.8.5)
WordPress Plugin WP24 Domain Check Cross-Site Scripting (1.6.2)
ownCloud Other Vulnerability (CVE-2014-2056)
Microsoft SQL Server Improper Input Validation Vulnerability (CVE-1999-0999)