The Apache Foundation has fixed multiple vulnerabilities in its web server software that could have potentially led to the execution of arbitrary code. The flaws were uncovered by Felix Wilhelm of Google Project Zero, and have since been addressed by the Apache Foundation in the latest version of the software (2.4.46). The most severe of the three vulnerabilities resides in the HTTP/2 module and uses a specially crafted ‘Cache-Digest’ header to cause a memory corruption to lead to a crash and denial of service. No reports of these vulnerabilities being exploited in the wild.
Source: https://thehackernews.com/2020/08/apache-webserver-security.html