Source: http://it.slashdot.org/article.pl?sid=05/07/08/0453212Slashdot wrote:"Whitedust is reporting on a HTTP request smuggling vulnerability in Apache. The flaw apparently allows attackers to piggy back valid HTTP requests over the 'Content-Length:' header, which can result in cache poisoning, cross-site scripting, session hijacking and other various kinds of attack. This flaw affects most of the 2.0.x branch of Apache's HTTPD server."
For details: http://www.whitedust.net/speaks/825/Apa ... erability/
Apache 1.3.x is apparently safe
Apache 2.16 has the fix