The latest version of Apache 1.3.42 is the last 1.3 version of Apache that will be released. I admit I've been running 1.3 for ages now due to it being rock solid and having a decent security track record. The announcement states that security patches 'may be available' at http://www.apache.org/dist/httpd/patches/ but consider this the time to finally upgrade to 2.x.
"This version of Apache is is principally a bug and security fix release.
The following moderate security flaw has been addressed:
- CVE-2010-0010:
mod_proxy: Prevent chunk-size integer overflow on platforms
where sizeof(int) < sizeof(long). Reported by Adam Zabrocki." – Apache
Announcement: http://www.apache.org/dist/httpd/Announcement1.3.html