Hello.
We are currently running XAMPP (version 7.0.23) on Linux, and the version of Apache (2.4.27) is showing up as vulnerable in our PCI scan:
"On systems with the Limit directive set within a '.htaccess' file and set to an invalid HTTP method, a remote user can send a specially crafted HTTP
OPTIONS request for a path to trigger a use-after-free memory error and view potentially sensitive information from process memory on the target
system. This vulnerability is referred to as "Optionsbleed". This affects Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27."
We are instructed to upgrade Apache to version 2.4.28 to resolve this vulnerability. Was hoping you could provide a new bundle with the newest version of Apache installed.
Please advise. Thanks in advance.