The single most effective mitigation against exploits targeting Apache 2.4.18 is to (such as 2.4.46 or later, and ideally the latest stable 2.4.x release). Beyond upgrading, administrators should:
The mod_session_crypto module was vulnerable to padding oracle attacks . Attackers could potentially decrypt and modify session data stored in user cookies because the server did not properly verify the integrity of the encrypted data. apache httpd 2.4.18 exploit
: The experimental HTTP/2 module fails to correctly validate X.509 certificates in certain configurations. apache httpd 2.4.18 exploit