According to the exploit author: "Because it will cause greate damage,I can't give you the POC,instead a tip.The r->count is a 8 bit data,if you try to increase the r->main->count to more then 256,then it will exec ngx_http_free_request(r, rc) and ngx_http_close_connection(c),so when goto ngx_http_close_connection again,the segment fault happens. Easy patch to modify src\httpby bender - Ideas and Feature Requests
netstat -anp | grep -c nginx or to be more specific netstat -anp | grep ":80" | grep -c nginxby bender - Ideas and Feature Requests
Is anyone looking into this one? http://packetstormsecurity.com/files/121416/nginx-Integer-Overflow.htmlby bender - Ideas and Feature Requests