Zerimar writes: A signficant flaw in Apache that can lead to a fairly trivial DoS attack is in the wild. Apache 1.x, 2.x, dhttpd, GoAhead WebServer, and Squid are confirmed vulnerable, while IIS6.0, IIS7.0, and lighttpd are confirmed not vulnerable. As of this writing, Apache Foundation does not have a patch availble.
If I were a grave-digger or even a hangman, there are some people I could
work for with a great deal of enjoyment.
-- Douglas Jerrold