Some kind guy sent to me the next information. This WAS NOT revised or audited by the author, but it could help other people. So, enjoy!: ############################################################### mod_access_referer contains a null-pinter dereferences vulnerability that may possibly be used in denial of service attacks. While the impact of this vulnerability is considered low-risk, we advise you to apply the following patch: --- mod_access_referer.c.org Wed Apr 9 19:27:00 2003 +++ mod_access_referer.c Wed Apr 9 19:36:20 2003 @@ -492,6 +492,10 @@ (r->headers_in, "Referer"), &uptr); + if(uptr.hostname == NULL) { + return 0; + } + if (!is_ip (uptr.hostname)) { /* XX resolv the domain name */ got_refererhost_ip = 1;