A denial of service vulnerability has been found in the way the multiple overlapping ranges are handled by the Apache HTTPd server. Both the 1.3 and 2.x releases are affected. An attack tool is circulating in the wild. Active use of this tool has been observed. The attack can be done remotely and with a modest number of requests can cause very significant memory and CPU usage on the server.
5d5a40e4d8f57c587755cd3f5ff822e2259dd225fa37f5f99b5edcce51cf091d
Apache httpd remote denial of service memory exhaustion exploit.
5fdda8b150aea034561a2b99bc1c71da2c6f225ee078695da41e6e725f0e4a7d