Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2871
http://www.vupen.com/english/advisories/2006/3263
http://www.securityfocus.com/bid/5996
http://www.securityfocus.com/bid/5995
http://www.securityfocus.com/bid/5887
http://www.linuxsecurity.com/advisories/other_advisory-2414.html
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php
http://www.iss.net/security_center/static/10281.php
http://www.debian.org/security/2002/dsa-195
http://www.debian.org/security/2002/dsa-188
http://www.debian.org/security/2002/dsa-187
http://www.apacheweek.com/issues/02-10-04
http://www-1.ibm.com/support/search.wss?rs=0&q=IY87070&apar=only
http://secunia.com/advisories/21425
http://online.securityfocus.com/advisories/4617
http://marc.info/?l=bugtraq&m=103376585508776&w=2
http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530
http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html
http://archives.neohapsis.com/archives/bugtraq/2002-10/0229.html