In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.
{ "cpes": [ "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*" ], "severity": "Medium" }