The following ApacheCore.dll is a replacement for the original release 1.3.19 file installed in the Apache root directory, usually c:\Program Files\Apache Group\Apache\.
Please replace that file with this security fix. First, stop the server [apache -k stop -n Apache or use the shortcut] and then rename the existing ApacheCore.dll file [to ApacheCoreInsecure.dll or some such]. Finally, save the ApacheCore.dll file in place of the original, and then start your server again [Apache -k start -n Apache or use the shortcut]. The fix will change the server's identity from Apache/1.3.19 to Apache/1.3.19-rev1.
Do not apply this patch if you have a non-standard distribution of Apache. EAPI and SSL enabled Apache binaries can not use this replacement. Contact the distributor of your alternate distribution for an updated version with the security fix.
The Apache -v command may be used to assure that this security update has been applied. Updated biniaries will not be distributed for earlier versions of Apache, please upgrade to 1.3.19 if you haven't already, and replace the ApacheCore.dll file to obtain this fix.
This patch has not been fully regression tested. Apache/Win32 and OS2 users should Immediately update to 1.3.20 when that release is announced.
See http://www.apache.org/dist/httpd/patches/apply_to_1.3.19/ for the source code patch and further information about this security update.