Released to address several security flaws, version 2.2.22 itself became the target of subsequent discoveries. The most notable vulnerabilities associated with this era of Apache involve and Information Disclosure . Key Vulnerabilities and Exploitation Vectors 1. Range Header DoS (CVE-2011-3192)
A segfault could be triggered by sending a nameless, valueless cookie when the %{}C log format was in use. apache httpd 2222 exploit
: Apache version 2.2.21 and earlier did not properly sanitize long or malformed HTTP headers when generating "400 Bad Request" error pages. Released to address several security flaws, version 2
Here's an interesting story: