Webmasters should ensure they apply the forthcoming security patch to protect their web server environments:

Apache Web Server – New DoS Attack Vulnerability
http://blog.eset.com/2011/08/26/dos-apache-killer
http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/thread

QUOTE: Amidst a lack of fanfare this past weekend on a mailing list, a memory exhaustion hack popped up for the Apache webserver that may result in a Denial-of-Service (DoS) style attack. Since the Apache application serves up north of 65% of the websites on the internet, a plausible attack becomes quite an issue, especially if it gets much traction before a patch can be released.

Still, some Apache web servers have been humming along untouched for years without much oversight, and may not receive patches as quickly as the hack spreads, representing a potentially widespread attack surface in the meantime. The posting says “An attack tool is circulating in the wild. Active use of this tools has been observed.” The nice thing is how proactive the Apache Foundation has been since it was brought to their attention.