Possible crash when parsing Auth-Digest header
================================================

Description
-------------

A typo in the header parsing code causes memory to be accessed outside of its
original boundaries and, later in the same function, leads to memory
corruption. Under very complex circumstances, remote code execution might be
possible.

mod_auth is not loaded by default and it needs to be configured to be used.

Bug reported by Stefan Esser.

Affected versions
-------------------

All previous versions.

Solutions or Workaround
-------------------------

There is no known workaround. Please update to 1.4.16 or apply
lighttpd-1.4.x_mod_auth_sec.patch.

The patch also fixes:

lighttpd_sa2007_04
lighttpd_sa2007_05
lighttpd_sa2007_06
lighttpd_sa2007_07
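
A triage check for the two conditions stated above (a release older than 1.4.16, and mod_auth loaded), added here as an example and not part of the original advisory or the lighttpd project. The banner string, the sample configurations and all function names are constructed for illustration.

```python
import re

FIXED = (1, 4, 16)  # release the advisory says to update to

# Constructed sample inputs (not taken from any real host).
BANNER = "lighttpd-1.4.15 (ssl) - a light and fast webserver"
CONF_LOADED = '''
server.modules = (
    "mod_access",   # always on
    "mod_auth",
    "mod_accesslog" )
'''
CONF_COMMENTED = CONF_LOADED.replace('    "mod_auth",', '#   "mod_auth",')


def parse_version(banner):
    """Return (major, minor, patch) from a version banner or bare version string."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("no x.y.z version in %r" % banner)
    return tuple(int(part) for part in m.groups())


def strip_comments(conf):
    """Drop '#' comments, keeping any '#' that sits inside a quoted string."""
    kept = []
    for line in conf.splitlines():
        in_string, out = False, []
        for ch in line:
            if ch == '"':
                in_string = not in_string
            elif ch == "#" and not in_string:
                break
            out.append(ch)
        kept.append("".join(out))
    return "\n".join(kept)


def loads_mod_auth(conf):
    """True if an active server.modules list (= or +=) names mod_auth."""
    lists = re.findall(r"server\.modules\s*\+?=\s*\((.*?)\)", strip_comments(conf), re.S)
    return any('"mod_auth"' in body for body in lists)


def in_scope(banner, conf):
    """Release older than 1.4.16 AND mod_auth loaded. Cannot see a backported
    patch or modules pulled in through include files, so treat it as triage."""
    return parse_version(banner) < FIXED and loads_mod_auth(conf)


if __name__ == "__main__":
    print(in_scope(BANNER, CONF_LOADED), in_scope(BANNER, CONF_COMMENTED))
```

A build of an older release with lighttpd-1.4.x_mod_auth_sec.patch applied still reports its old version number, so a positive result needs confirming against the package changelog.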