When Apache was sent the following lines using telnet:

    GET / HTTP/1.1
    Host: whatever.hostname.com
    Expect: %8p

It "hangs" for some period of time, and if this is automated in a script the server stops accepting new connections for the period of time it takes to "process" the requests. As of now I have tested it with version 2.0.54-r31 of Gentoo with the hardened USE flag turned on and on OpenBSD 3.8 (don't remember the version here though).
This is because httpd is waiting for more header data. Please lower the value of TimeOut (default 300 seconds) to mitigate this problem. In general this can happen with lots of other incompletely sent header situations.
Not a security bug because the request does time out. But not a proper response to the request either. httpd should give an immediate error rather than waiting.
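An added illustration (not the code from r370172 and not httpd's own) of the immediate-error behaviour asked for above: RFC 2616 section 14.20 has a server answer 417 Expectation Failed for an expectation it cannot meet, so the decision can be made as soon as the header is parsed. The helper names `expect_status` and `ci_equal_n` and the return convention are assumptions made for this sketch.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Case-insensitive comparison of the first n bytes of a and b
 * (portable stand-in for strncasecmp). */
static int ci_equal_n(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    }
    return 1;
}

/*
 * Hypothetical helper: pick a status for an Expect header value once the
 * request headers have been read.
 *   0   - no Expect header, continue normal processing
 *   100 - value is exactly "100-continue", send the interim response
 *   417 - any other expectation, reject at once instead of waiting
 */
int expect_status(const char *value)
{
    static const char token[] = "100-continue";
    size_t len;

    if (value == NULL)
        return 0;

    /* Trim optional whitespace and line endings around the field value. */
    while (*value == ' ' || *value == '\t')
        value++;
    len = strlen(value);
    while (len > 0 && (value[len - 1] == ' ' || value[len - 1] == '\t' ||
                       value[len - 1] == '\r' || value[len - 1] == '\n'))
        len--;

    if (len == sizeof(token) - 1 && ci_equal_n(value, token, len))
        return 100;

    return 417; /* covers the "%8p" value from the report */
}
```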
A patch was checked into trunk as r370172 (http://svn.apache.org/viewcvs.cgi?rev=370172&view=rev). Patch: http://svn.apache.org/viewcvs.cgi/httpd/httpd/trunk/server/protocol.c?p2=%2Fhttpd%2Fhttpd%2Ftrunk%2Fserver%2Fprotocol.c&p1=httpd%2Fhttpd%2Ftrunk%2Fserver%2Fprotocol.c&r1=370172&r2=370171&rev=370172&view=diff&makepatch=1&diff_format=u
Created attachment 17481: Improved patch against 2.2.x
Backported to 2.2.1 as r390503 (http://svn.apache.org/viewcvs?rev=390503&view=rev).