Apache maintains a list of vulnerabilities by version: https://httpd.apache.org/security/
One such threat was , a core module flaw affecting versions prior to 2.4.17. This issue involved the ap_some_auth_required function, which incorrectly handled authentication requirements. It could allow an attacker to bypass intended access restrictions if the server configuration used "satisfy any" directives or complex authorization logic. While 2.4.18 technically addressed this, the timing was narrow, and many administrators upgrading from much older versions (like 2.2.x) to the newer 2.4 branch often missed the nuance of configuration changes required to fully secure the server. apache httpd 2.4.18 vulnerability
In Apache versions 2.4.17 through 2.4.18, the mod_cgid module failed to properly handle the termination of CGI scripts. The vulnerability allowed a remote attacker to cause a Denial of Service (DoS). Specifically, if a CGI script was killed or terminated abruptly, the module might fail to correctly close the pipe or socket connection to that script. This resulted in a "zombie" process or a resource leak that could eventually exhaust the server’s available process slots or file descriptors. Apache maintains a list of vulnerabilities by version:
If using a managed distribution like Ubuntu, ensure you have applied all security updates provided by the vendor. While 2