Assuming Debian because why not, (and because I don't want to look at RHEL):

2.4.57 never made it into Debian stable, only went as far as testing and unstable.

2023-10-19 was when 2.4.57 was superseded by 2.4.58 in unstable.

So assuming they are not using RHEL or similar, they have either pinned Apache httpd, used a custom build, or haven't updated their server since the start of 2024.

- - -

Since then, there have been 11 moderate, 8 important security fixes according to Apache.