Apache httpd has some reproducible UAF race condition(s). Lack of interest from maintainers is a little surprising. I agree with authors that we need to treat bugs like this as potentially exploitable and err on the side of caution. Especially preauth in major server software.https://twitter.com/hanno/status/1087260075666878464 …
Huh, wonder if any of it has to do with Behlendorf (previous lead Apache httpd dev) leaving Apache Foundation and joining Linux Foundation in 2016