Passing an overly long string to the apr_psprintf() APR library function that is used by the Apache HTTP Server could cause an application to reference memory that should have already been returned to the heap allocation pool.
The remote denial of service aspect of this vulnerability can be exploited if a remote attacker is able to pass large strings to the vulnerable function, as is the case in the mod_dav attack vector, where a specially crafted XML object request of approximately 12250 bytes crashed HTTP Server running on a non-Windows OS; approximately 20000 characters crashed it on a Windows OS.
Applications that rely on older versions of APR are vulnerable. Both the Windows and Unix implementations of Apache HTTP Server 2.0.37 through 2.0.45 inclusive are vulnerable.
For details, see http://www.idefense.com/advisory/05.30.03.txt.