An attack tool that enables a hacker to take down Apache servers is being used in the wild, Apache has warned.
The default Apache HTTPD installation is vulnerable to the 'Apache Killer' denial-of-service tool, Apache said in an advisory on Wednesday.
"An attack tool is circulating in the wild. Active use of this tools has been observed," said the advisory. "The attack can be done remotely and with a modest number of requests can cause very significant memory and CPU usage on the server."
The tool was publicised on the Full Disclosure mailing list on Saturday.
Apache developers are working on a fix, and have come up with a workaround.