The Apache HTTP Web Server is the most widely deployed Web server on the Internet today, which means that vulnerabilities in the open source server can have a devastating impact. That also makes security updates like the new 2.2.15 release critical, since it addresses several security vulnerabilities in Apache's flagship HTTP Web server.
Chief among the new vulnerabilities is one flaw relating to a broader SSL issue first disclosed in November 2009. That issue involves a renegotiation flaw with TLS.

"Notably, this release was updated to reflect the OpenSSL Project's release 0.9.8m of the openssl library, and addresses CVE-2009-3555, the TLS renegotiation prefix injection attack," Apache noted in a mailing list announcement.

The SSL/TLS renegotiation vulnerability could have enabled a man-in-the-middle attack, potentially leaving SSL-protected sites at risk of being spoofed by malicious SSL/TLS credentials.

The link for this article located at ServerWatch is no longer available.