Apache what?
Maybe it's just me, but when I read "Apache vulnerability" without any further qualification as to which part of the Apache Foundations gazillion apps is meant, I tend to assume it's the plain old HTTPD.
Turns out, it's not. It's Apache Struts Jakarta, not the trusty web server.