The Apache HTTP Server versions 2.4.49 and earlier are affected by a vulnerability that could be exploited by a remote attacker to cause a denial of service
By sending specially crafted requests, the attacker could trigger a bug in the mod_proxy module, leading to the consumption of all available worker threads and causing the server to become unresponsive. This could potentially result in a complete denial of service for legitimate users. The CERT-FR recommends updating to version 2.4.50 or applying the proposed patch as a mitigation measure until the update is performed. It is crucial for administrators to be aware of this vulnerability and take prompt action to secure their Apache HTTP Servers.https://www.cert.ssi.gouv.fr/pdf/CERTFR-2024-AVI-0363.pdf