A denial of service vulnerability has been found in the way the multiple
overlapping ranges are handled by the Apache HTTPD server:
An attack tool is circulating in the wild. Active use of this tools has been observed. The attack can be done remotely and with a modest number of requests can cause very significant memory and CPU usage on the server.
Affected Apache versions (1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19).
Upgrade to the latest version of Apache HTTP Server (2.2.20 or later), available from the Apache HTTP Server Project Web site.
Apache HTTPD Security ADVISORY
WordPress Plugin ImageDrop 'ImageDrop.php' Blind SQL Injection (1.1.2)
WordPress Plugin WooCommerce Checkout Manager Cross-Site Request Forgery (4.3)
WordPress Plugin Helpful Information Disclosure (4.5.25)
WordPress Plugin Sendit WP Newsletter 'id' Parameter SQL Injection (2.1.0)