A DoS attack against number of http servers is available and has hit
slashdot today:
http://it.slashdot.org/story/09/06/19/1243203/Attack-On-a-Significant-Flaw-In-Apache-Released

Out of the box nginx is also vulnerable (I have tested it on latest 0.7
installation). A quick fix for the vulnerability follows:

Put in "http" section:

client_body_timeout 10;
client_header_timeout 10;
keepalive_timeout 10;
send_timeout 10;
limit_zone limit_per_ip $binary_remote_addr 1m;

and put in "server" section :

limit_conn limit_per 16;

The last 2 configuration lines are for limiting connections per client
IP. This fist lines are same sane connection timeouts.

Best regards and keep the great work!