No, you cannot apply the Apache HTTP Server security patches to Oracle HTTP Server for the following reasons:
Oracle tests and appropriately modifies security patches before releasing them to Oracle HTTP Server users.
In many cases, the Apache HTTP Server alerts, such as OpenSSL alerts, may not be applicable because Oracle has removed those components from the stack.
The latest security related fixes to Oracle HTTP Server are performed through the Oracle Critical Patch Update (CPU). See Oracle's Critical Patch Updates and Security Alerts Web page.
Note:
After applying a CPU, the Apache HTTP Server-based version may stay the same, but the vulnerability will be fixed. There are third-party security detection tools that can check the version, but do not check the vulnerability itself.