I am running Rocky 8.5 and apache 2.4.37. As an initial warning, I am a bit of a novice - I have got everything setup and my website is working A OK.
After a fruitful morning working through a PCI test I have managed to harden the server and pass almost all PCI tests bar one apache related CVE (CVE-2021-36160) which was resolved in 2.4.49.
I understand backporting is the preferred approach to resolving these issues BUT this CVE has no patch available. RH indicates no possible mitigation.
Is an upgrade to a later apache version (latest stable is 2.4.51) the next suitable step for a Rocky8.5 install? Otherwise I don’t see a way to overcome this issue?
Thanks for any input