Lighttpd · Lighttpd · CVE-2022-30780
**Name of the Vulnerable Software and Affected Versions**
Lighttpd versions 1.4.56 through 1.4.58
**Description**
The issue allows a remote attacker to cause a denial of service through CPU consumption from stuck connections. The cause is a typo in the `connection_read_header_more` function in `connections.c` that disrupts the use of multiple read operations on large headers. An unauthorized attacker can send an HTTP request with a URL that exceeds the maximum URL length, leading to a denial of service.
**Recommendations**
For versions 1.4.56 through 1.4.58, update to a version that fixes the typo in the `connection_read_header_more` function to prevent the denial of service issue.
As a temporary workaround, consider restricting the maximum allowed URL length to prevent exploitation until a patch is available.
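
To find hosts that still need the update, the affected range above can be checked against a lighttpd version banner. The script below is an added example, not part of the original advisory or the lighttpd project; the function names and the sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage check for the affected range stated in this advisory
# (lighttpd 1.4.56 through 1.4.58). Function names are hypothetical.

# Extract "MAJOR.MINOR.PATCH" from a banner such as the first line of
# `lighttpd -v` or a "Server: lighttpd/x.y.z" response header.
lighttpd_version() {
    printf '%s\n' "$1" |
        sed -n 's|.*lighttpd/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*|\1|p' |
        head -n 1
}

# Exit status: 0 = in the affected range, 1 = outside it,
# 2 = no lighttpd version found in the input.
lighttpd_affected() {
    ver=$(lighttpd_version "$1")
    [ -n "$ver" ] || return 2
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    [ "$major" -eq 1 ] && [ "$minor" -eq 4 ] &&
        [ "$patch" -ge 56 ] && [ "$patch" -le 58 ]
}

# Constructed sample banners. On a real host, pass the first line of
# `lighttpd -v` to lighttpd_affected instead.
for banner in \
    "lighttpd/1.4.55 (ssl) - a light and fast webserver" \
    "lighttpd/1.4.57 (ssl) - a light and fast webserver" \
    "Server: lighttpd/1.4.59" \
    "Server: nginx"; do
    rc=0
    lighttpd_affected "$banner" || rc=$?
    case $rc in
        0) echo "AFFECTED      $banner" ;;
        1) echo "not in range  $banner" ;;
        *) echo "unknown       $banner" ;;
    esac
done
```

A banner in range only reflects the upstream version string; distribution packages can carry backported fixes under an unchanged version, so confirm against the package changelog before treating a host as vulnerable.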