This vulnerability affects Apache 2.4.17 and 2.4.18 when the experimental HTTP/2 module is enabled.
However, I can give you a of known issues with Apache 2.4.18 (released Dec 2015) from a defensive perspective:
: A Use-After-Free flaw in the Apache "scoreboard" (shared memory used for tracking child processes) allows a worker process to manipulate memory and execute arbitrary code as the parent process (root). apache 2.4 18 exploit
Versions 2.4.0 through 2.4.23 utilized mod_session_crypto without authenticated encryption, making them vulnerable to padding oracle attacks .
If you see a working “Apache 2.4.18 exploit” in the wild today, it’s most likely: This vulnerability affects Apache 2
The paper provides a detailed analysis of the vulnerability and its exploitation.
You're looking for information on a specific vulnerability in Apache HTTP Server version 2.4.18. Here's what I found: If you see a working “Apache 2
Here are the CVE details:
: The attacker must already have the ability to run code in a less-privileged worker process (e.g., via a PHP script or a separate web application vulnerability).