Apache 2.4.18 Jun 2026
Prevents denial of service risks within mod_auth_digest . Recommended Hardening Configuration
By late 2015, the web was undergoing significant changes. HTTP/2 was on the horizon, TLS (Transport Layer Security) was becoming mandatory for serious web applications, and the demand for asynchronous processing was growing. apache 2.4.18
| CVE ID | Impact | Fixed in Version | |--------|--------|------------------| | CVE-2017-9798 (Optionsbleed) | Memory leak exposing .htaccess overrides | 2.4.28 | | CVE-2019-0211 | Privilege escalation (Apache children → root) | 2.4.39 | | CVE-2019-10098 | HTTP/2 request smuggling | 2.4.40 | | CVE-2020-11993 | Push diary crash in HTTP/2 | 2.4.44 | | CVE-2021-40438 | Server-side request forgery (mod_proxy) | 2.4.49 | | CVE-2021-44790 | mod_lua buffer overflow (RCE) | 2.4.52 | | CVE-2022-23943 | mod_sed memory corruption | 2.4.53 | | CVE-2022-31813 | mod_proxy_ajp request smuggling | 2.4.54 | Prevents denial of service risks within mod_auth_digest
Bentley User Group Victoria Australia