Gentoo Linux Security Advisory 201610-2 - Multiple vulnerabilities have been found in Apache, the worst of which could allow HTTP request smuggling attacks or a Denial of Service condition. Versions earlier than 2.4.23 are affected.
f52938e600b9ac39ca2ead14c607d873649a2281cb33d93efd4e5d0973d35baf
Red Hat Security Advisory 2016-1420-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request.
7cede861a05dabf8a87aa3760a62b71b991e7fc3605adcc358f10a01192a48e5
Apache HTTPD WebServer versions 2.4.18 through 2.4.20 do not validate an X509 client certificate correctly when the experimental module for the HTTP/2 protocol is used to access a resource.
73cb5eb411b034ceb6b622bf0f896e11c8dc4ab336ed65d2398b8fb6ff33854a