The Apache Project have announced that versions of Apache/2.0 up to and including Apache/2.0.44 are vulnerable to a denial of service attack. To fix the problem, the project has released Apache/2.0.45 which is available for download.

People running Apache servers should note that the vulnerability only applies to Apache/2.0 and not Apache/1.3. In this respect the bug is not a big threat to the stability of the web – it is a denial of service rather than a remote compromise and the number of sites running Apache/2.0 is relatively small. Almost 99% of Apache sites are on Apache/1.3 or earlier.