Support looked into this and it does not appear to be a concern. The vulnerability is not with lighttpd itself but the ability to pass a header to dynamic server sides scripts. From their internal checking this isn't a concern with the way it is configured on the MX.
... View more
