This vulnerability is a serious remote exploit that provides code execution from unauthenticated attackers. The exploit allows attackers to inject commands in the Content-Type: field of the HTTP header.
RedShield already blocks attacks attempting to use this exploit as they are recognised as code injection and malformed HTTP requests. All customers in BLOCKING mode are already protected.
Security advisory from Apache: https://cwiki.apache.org/confluence/display/WW/S2-045
RedShield has seen attempts of attacks which would download executables and try to turn off local host based firewalls (iptables).
Comments