The Apache project has updated its advisory on the recently-disclosed denial-of-service vulnerability. The news is not good: the scope of the vulnerability has grown, the workarounds have become more complex, and there is still no fix available. “There are two aspects to this vulnerability. One is new, is Apache specific; and resolved with this server side fix. The other issue is fundamentally a protocol design issue dating back to 2007.“
Read more at LWN
