Description
In Apache HTTP Server 2.4.0 to 2.4.39, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.
Remediation
References
Related Vulnerabilities
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1240)
XWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-36095)
Moodle CVE-2021-40695 Vulnerability (CVE-2021-40695)
WordPress Plugin Attached images title editor Cross-Site Scripting (1.1.1)
ReviveAdserver URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-22873)