The Apache open-source project has patched its Web server software and killed off a  bug that a denial-of-service (DoS) tool has been exploiting.

Apache 2.2.20 has been released and fixes a hole which the "Apache Killer," attack tool has been exploiting to cripple Web servers. Project developers had promised a fix within 48 hours, then had to extend it.

Apache Project is advising people to upgrade straight away. Although the DoS vulnerability also exists in the older Apache 1.3, the project no longer supports that edition and they should have upgraded aeons ago.

Apache said that it was not all its fault as part of the problem lies in the HTTP protocol. The project has been praised by insecurity experts for coming up with a fix so quickly.