The Apache Software Foundation has released security update for Apache HTTP Server to address multiple security vulnerabilities (CVE-2024-40725, CVE-2024-40898, CVE-2024-39884, CVE-2024-36387, CVE-2024-38472, CVE-2024-38473, CVE-2024-38474, CVE-2024-38475, CVE-2024-38476, CVE-2024-38477, CVE-2024-39573). A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, security restriction bypass, sensitive information disclosure and denial of service condition on an affected system. These issues affect Apache HTTP Server 2.4.62 and prior versions. These vulnerabilities have been fixed in Apache HTTP Server 2.4.62.

More information on vulnerabilities and update is available in the Apache’s release note – apache.org