Let's not get ahead of ourselves. The Apache advisory itself says that some of the POC / test scripts don't actually work on a typical out-of-box install, not because it isn't vulnerable, but because they're making bad assumptions. Real bad guys could fix this, but obviously the Apache team isn't going to spell out how.
If we look at Red Hat's security numbers, we see that a significant number of POCs fail out-of-box against RHEL, but a knowledgeable hacker could fix them because RHEL was actually vulnerable. This means you're safer than you might appear to be against script kiddies (who won't know how) but could get a false sense of security if your adversaries are sophisticated. The same probably applies here to Apache on OpenBSD.