Yaws before 1.80 allows remote attackers to cause a denial of service (memory consumption and crash) via a request with a large number of headers.
https://www.exploit-db.com/exploits/8148
http://www.vupen.com/english/advisories/2009/0590
http://www.securityfocus.com/bid/33834
http://www.openwall.com/lists/oss-security/2009/02/19/1
http://www.debian.org/security/2009/dsa-1740