Christoph Anton

**Name of the Vulnerable Software and Affected Versions** Apache HTTP Server versions 2.4.39 through 2.4.46 **Description** The issue exists due to insufficient input validation in the Apache HTTP Server. Exploitation of this issue may allow a remote attacker to impact the integrity of protected information. The problem is related to unexpected matching behavior when 'MergeSlashes OFF' is set. **Recommendations** For Apache HTTP Server versions 2.4.39 through 2.4.46, update to a version that fixes the unexpected matching behavior with 'MergeSlashes OFF'. At the moment, there is no information about a newer version that contains a fix for this vulnerability.