Is CVE-2016-8743 fixed in Apache 2.4.18
My vulnerability scans come up with:
Apache HTTPD: Apache HTTP Request Parsing Whitespace Defects (CVE-2016-8743)
Then it recommends that we upgrade to Apache 2.4.25 where this problem is corrected. One of the developers here said that Canonical has probably aleady fixed this in 2.4.18, but I can find any information to corroborate that.
Is (CVE-2016-8743) fixed in 2.4.18, or should I just upgrade Apache to 2.4.25?