The Apache Software Foundation has released security update for Apache HTTP Server to address multiple security vulnerabilities (CVE-2022-26377, CVE-2022-28330, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-30522, CVE-2022-30556, CVE-2022-31813). A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, information disclosure and security restriction bypass on the targeted system. These issues affect Apache HTTP Server 2.4.53 and prior versions. These vulnerabilities have been fixed in Apache HTTP Server 2.4.54.

More information on vulnerabilities and update is available in the Apache’s release note – apache.org.