A remote attacker can crash an apache server or obtain sensitive information from the host by performing a maliciously-crafted HTTP request. In addition, a malicious attacker can bypass a server's authentication requirements via maliciously-crafted request headers.