Fragen? Antworten! Siehe auch: Alternativlos
Fortunately Apache developer Jacob Champion digged into it and figured out what was going on: Apache supports a configuration directive Limits that allows restricting access to certain HTTP methods to a specific user. And if one sets the Limit directive in an .htaccess file for an HTTP method that's not globally registered in the server then the corruption happens. After that I was able to reproduce it myself. Setting a Limit directive for any invalid HTTP method in an .htaccess file caused a use after free error in the construction of the Allow header which was also detectable with Address Sanitizer.