The following flaw has been fixed in the Apache HTTP Server:
"A flaw was found in the WinNT MPM in httpd versions 2.4.1 to 2.4.9, when using the default AcceptFilter for that platform. A remote attacker could send carefully crafted requests that would leak memory and eventually lead to a denial of service against the server."
Code not present in 2.2
Not affected. This issue did not affect the versions of httpd as shipped with Red Hat Enterprise Linux 5, 6 and 7, Red Hat JBoss Web Server 1 and 2, and Red Hat JBoss Enterprise Application Platform 5 and 6. This flaw only affects httpd running on Microsoft Windows. Red Hat JBoss Web Server 1 and 2, and Red Hat JBoss Enterprise Application Platform 5 and 6 can be run on Microsoft Windows. However, these products provide httpd 2.2, which is not affected by this flaw.
Michal Karm Babacek <mbabacek> updated the status of jira JWS-433 to Resolved
This issue has been addressed in the following products:
Via RHSA-2016:2957 https://rhn.redhat.com/errata/RHSA-2016-2957.html