apr_fnmatch. An update to APR, version 1.4.5, which resolves the issue has been released by the APR developers and is bundled with Apache HTTP Server 2.2.19. Users can upgrade to httpd 2.2.19 or, if running httpd 2.2.17 or earlier, work around the denial of service problem by using the "IgnoreClient" option of the "IndexOptions". The problem was first noted and tracked on Debian mailing lists.
ap_unescape_url_keep2fwhich had broken binary compatibility with some third party modules. The 2.2.19 update to httpd is available to download from the project's download page. The updated APR 1.4.5 is also available for download for developers who use the library in other projects.
LINK TO OUR HOME PAGE :