Apache Fixes 8 Flaws in Urgent HTTP Server Update

The Apache Software Foundation has released version 2.4.64 of its HTTP Server, providing critical updates that address eight security vulnerabilities impacting all 2.4.x versions. This Apache fix for 8 flaws includes patches for issues such as HTTP response splitting, server-side request forgery (SSRF), and denial-of-service threats. These flaws posed risks to both server integrity and operational stability.

Among the most notable fixes is CVE-2024-42516, a persistent HTTP header flaw that previous versions failed to fully resolve. Two SSL/TLS vulnerabilities, CVE-2025-23048 and CVE-2025-49812, also received attention, addressing access control bypass and TLS upgrade hijacking. This comprehensive Apache fix for 8 flaws also mitigates SSRF issues, including the risk of NTLM hash leakage on Windows systems and proxy misuse.

Administrators are urged to upgrade immediately, especially in environments handling sensitive data. Full vulnerability details and upgrade guidance are available in the official announcement.

Apache HTTP Server 2.4.64 Released With Patch for 8 Vulnerabilities