From https://bugzilla.redhat.com/show_bug.cgi?id=871685 :
When mod_proxy_ajp sends a request to a worker node and the time to process that request exceeds
the configured timeout, the worker node will be marked as in the error state, stopping all traffic
to the node until it is flagged as up again. A remote attacker could use this flaw to trigger a
temporary denial of service attack, provided they were able to create a request that caused
sufficient processing time to exceed the timeout threshold.
According to upstream security page, this affected versions 2.2.12 - 2.2.21.
This was fixed in =www-servers/apache-2.2.22 and there was already a GLSA  advising users to update to =www-servers/apache-2.2.22-r1.