All sites should update apache
httpd24-httpd for cve-2021-40438 if you haven’t already done so. Here’s the RHEL link for the same. It should be as simple as updating that package.
As a note - the general guideline for us is that sites should upgrade
httpd24-httpd as RHEL is only updating these packages for bug fixes and security fixes. You can (and should) subscribe to RHEL’s security announcements.