I have forgotten the most important effect of the bug. Apache don't register the attacker's request in the log files (access and error DON'T report the string, the error or other information about the event). This is very useful for the attacker for run remote commands or open idle connections without the danger of be logged.
