A flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1, 1.2 and
DTLS can be exploited in a denial of service attack on both clients and
servers. Affects all versions of OpenSSL prior to and including 1.0.1b, 1.0.0i & 0.9.8w
You can download these updates for our Apache 2.2.22 & 2.4.2 releases on our download page (http://www.apachehaus.com/cgi-bin/download.plx).