From Bob Beck@21:1/5 to All on Thu Feb 2 15:40:02 2017
An issue has been identified whereby httpd(8) could be subject to a denial
of service attack. Repeated crafted requests could be made from a client
using file-range requests, making the server consume excessive amounts of memory.
This issue has been fixed in current. For 5.9 and 6.0 the following errata
will disable range header processing in httpd(8) to prevent the problem.