A recent Apache security issue has come to light that affects versions 2.2.34 and 2.4.27. A flaw in the way the server handles requests can allow remote attackers to gain access to sensitive information or even execute arbitrary code. The issue arises due to the way the server handles certain requests that include multiple headers with the same name. By crafting a specially crafted request, an attacker can cause the server to mishandle the request and return information that it should not have. This can lead to information disclosure or even code execution. Apache has released patched versions of the affected software, so users are advised to upgrade as soon as possible.