Apache HTTP Server ACME Backoff Timer Exploit

HIGH (7.5) Partial Fix

Threat Intelligence

Low Risk
EPSS Score: 0.08% chance of exploitation (percentile: 25%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

The Apache HTTP Server is a widely used web server. This vulnerability affects the mod_md module, which handles ACME certificate renewal. When an ACME certificate renewal attempt fails, the retry backoff timer is reset to 0, so the renewal is retried repeatedly without any delay until it succeeds.
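The retry-scheduling defect described above, modelled in C as an added illustration (not mod_md's actual code): the vulnerable path resets the backoff to 0 so a failing renewal re-runs immediately, while the hardened variant grows the delay exponentially between a floor and a cap. The floor and cap constants and the one-attempt-per-second tick of the simulation are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Modelled retry scheduler for an ACME renewal job (illustration only, not mod_md's
 * code). After a failed renewal the job must pick a time for its next attempt. */

#define MIN_BACKOFF_SEC 60          /* assumed floor: never retry sooner than this */
#define MAX_BACKOFF_SEC (12 * 3600) /* assumed cap: keep the retry interval bounded */

typedef struct {
    int64_t backoff_sec;  /* delay before the next attempt */
    int64_t next_run;     /* absolute time (seconds) of the next attempt */
} renew_job_t;

/* Vulnerable variant: the error path resets the backoff to 0, so the next
 * attempt is due immediately and a persistent failure retries without pause. */
void schedule_retry_vulnerable(renew_job_t *job, int64_t now) {
    job->backoff_sec = 0;
    job->next_run = now + job->backoff_sec;
}

/* Hardened variant: double the previous delay, clamped to [floor, cap]. */
void schedule_retry_fixed(renew_job_t *job, int64_t now) {
    int64_t next = job->backoff_sec * 2;
    if (next < MIN_BACKOFF_SEC) next = MIN_BACKOFF_SEC;
    if (next > MAX_BACKOFF_SEC) next = MAX_BACKOFF_SEC;
    job->backoff_sec = next;
    job->next_run = now + next;
}

/* Simulate a renewal that keeps failing for window_sec seconds and count the
 * attempts. The clock ticks once per second (assumption); an attempt is made
 * whenever the job is due. With a zero backoff the job is due on every tick. */
int64_t count_attempts(void (*schedule)(renew_job_t *, int64_t), int64_t window_sec) {
    renew_job_t job = { .backoff_sec = 0, .next_run = 0 };
    int64_t attempts = 0;
    for (int64_t now = 0; now < window_sec; now++) {
        if (job.next_run <= now) {   /* due: attempt, fail, reschedule */
            attempts++;
            schedule(&job, now);
        }
    }
    return attempts;
}

int main(void) {
    printf("attempts in one hour, backoff reset to 0: %lld\n",
           (long long)count_attempts(schedule_retry_vulnerable, 3600));
    printf("attempts in one hour, exponential backoff: %lld\n",
           (long long)count_attempts(schedule_retry_fixed, 3600));
    return 0;
}
```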

Am I affected?

You're affected if you use Apache HTTP Server with the mod_md module. Affected versions: 2.4.66

Affected Packages

maven: org.apache.httpcomponents:httpclient

Affected Products

Apache Software Foundation / Apache HTTP Server

How to fix

Upgrade to version 2.4.66, which fixes the issue.
* Maven: Update your pom.xml dependency version
* Package manager (e.g., apt-get, yum): apt-get install apache2 or yum install httpd

Immediate mitigations:
* Restrict network access to your Apache HTTP Server instance (firewall it from the public internet)
* Audit admin account activity for suspicious access patterns
* Monitor for unauthorized token creation