A denial of service flaw was reported in httpd's mod_dav module. The exploit was poasted to milw0rm: http://www.milw0rm.com/exploits/8842
This exploit works on RHEL5 without any auth enabled. I've not yet tried it elsewhere.
*** This bug has been marked as a duplicate of bug 504555 ***