Apache HTTP Server update fixes remote DoS issue - Update
The Apache HTTP Server developers have released version 2.2.18 of the eponymous web server as a bug fix and security fix release. The security fix is needed because of a vulnerability to a Denial of Service (DoS) attack; the vulnerability is rated as moderate.
A bug in Apache Portable Runtime's (APR) apr_fnmatch() function could be provoked into triggering recursive string matching and thus causing excessive CPU usage and exhausting memory.
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump