Grave apache dos possible through byterange requests
it is possible to dos a actual squeeze-apache2 with easy to forge rage-requests:
Apache-devs are working on a solution:
But because the situation seems serious I thought I give you a heads up.
Running this script against a squeeze machine with 8 Cores and 24GB Ram you only need 200 threads to kick it out of memory.