Apache Httpd 2.4.18 Exploit Direct

: If a webmaster uses the Limit directive with an invalid or custom HTTP method in a .htaccess file, the server can leak small chunks of its process memory in the "Allow" header of its response.

: The nonce generation for Digest authentication was not sufficiently random. apache httpd 2.4.18 exploit

While original proofs-of-concept for this were unreliable (often leading to a DoS), refined exploits using heap grooming can turn this into remote code execution. : If a webmaster uses the Limit directive