The Hacker News

New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare

HTTP/2 Bomb exploits HPACK and flow control; a single client can hold 32GB memory in 20 seconds, causing server outages.
TechRepublic

How to secure your Apache 2 server in four steps

If you’re concerned about the security of your Apache server, these four tips will go a long way to keeping that system secure. Apache is one of the most widely used web servers on the planet, and ...
Bleeping Computer

Apache fixes actively exploited zero-day vulnerability, patch now

The Apache Software Foundation has released version 2.4.50 of the HTTP Web Server to address two vulnerabilities, one of which is an actively exploited path traversal and file disclosure flaw. The ...
heise online

Apache HTTP Server: Highly critical flaws allow malicious code injection

In Apache HTTP Server 2.4.67, developers are patching several security vulnerabilities, some of which allow the injection of malicious code. Several security vulnerabilities have been discovered in ...