Threat Post

Critical Apache HTTPD Server Bugs Could Lead to RCE, DoS

Don’t freak: It’s got nothing to do with Log4Shell, except it may be just as far-reaching as Log4j, given HTTPD’s tendency to tiptoe into software projects. Don’t duck at the latest mention of Apache: ...
The Hacker News

New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare

HTTP/2 Bomb exploits HPACK and flow control; a single client can hold 32GB memory in 20 seconds, causing server outages.
ZDNet

CISA releases advisory on five Apache HTTP server vulnerabilities affecting Cisco products

Cisco noted that one of the vulnerabilities in the mod_proxy module of Apache HTTP Server (httpd) could allow an unauthenticated, remote attacker to make the httpd server forward requests to an ...
InfoWorld

Nginx claims more top websites at Apache’s and Microsoft’s expense

Depending on who you ask, Nginx is either the second- or third-most widely used Web server. But among the most heavily trafficked sites, it’s headed straight to the top. Originally released in 2002, ...