A denial-of-service vulnerability exists in Lighttpd server. This vulnerability is due to improper handling of URL when url-path-2f-decode is enabled. A remote, unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the target server. Successful exploitation of this vulnerability could result in denial-of-service condition on the target server.
You can read the full article here.