PublicDate: 2007-07-24 00:30:00 UTC
Candidate: CVE-2007-3946
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3946
Description:
 mod_auth (http_auth.c) in lighttpd before 1.4.16 allows remote attackers to
 cause a denial of service (daemon crash) via unspecified vectors involving
 (1) a memory leak, (2) use of md5-sess without a cnonce, (3) base64 encoded
 strings, and (4) trailing whitespace in the Auth-Digest header.
Ubuntu-Description: 
Notes: 
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:

Bugs: 
dapper_lighttpd: released (1.4.11-3ubuntu3.5)
edgy_lighttpd: released (1.4.13~r1370-1ubuntu1.3)
feisty_lighttpd: released (1.4.13-9ubuntu4.2)
gutsy_lighttpd: not-affected
devel_lighttpd: not-affected
upstream_lighttpd: released (1.4.16)