Comment 2 for bug 1875299

If you feel this is a real security vulnerability which has not received a CVE, you could try discuss with the apache developers and once a CVE has been assigned the Ubuntu Security team can fix it via a security update for Apache. Otherwise, this could be addressed via the Stable Release Update (SRU) process otherwise - https://wiki.ubuntu.com/StableReleaseUpdates