Apache has issued patches to address two security vulnerabilities, including a path traversal and file disclosure flaw in its HTTP server that it said is being actively exploited in the wild. “A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49.
Source: https://thehackernews.com/2021/10/apache-warns-of-zero-day-exploit-in.html