Apache developers are trying to fix the vulnerability in the proxy http://ping.fm/wSZlA