HTTP/2 Bomb exploits HPACK and flow control; a single client can hold 32GB memory in 20 seconds, causing server outages.

Security researchers are warning of an issue with the default HTTP/2 configuration used by major web servers which reportedly survived more than a decade of human review before showing up in ...

The Apache Software Foundation has released an update to address a critical flaw in its hugely popular web server that allows remote attackers to take control of a vulnerable system. The first Apache ...

Apache Software Foundation has released HTTP Web Server 2.4.51 after researchers discovered that a previous security update didn't correctly fix an actively exploited vulnerability. Apache HTTP Server ...

The Apache Software Foundation has released version 2.4.50 of the HTTP Web Server to address two vulnerabilities, one of which is an actively exploited path traversal and file disclosure flaw. The ...

Developers behind the Apache HTTP Server Project are urging users to apply a fix immediately to resolve a zero-day vulnerability. According to a security advisory dated October 5, the bug is known to ...

Community driven content discussing all aspects of software development from DevOps to design patterns. There are a variety of reasons why developer or DevOps professionals locally install the Apache ...

A single malformed web request is all it takes. On May 4, 2026, the Apache Software Foundation quietly filed a vulnerability report with the National Vulnerability Database disclosing a critical flaw ...