Description
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.
Remediation
References
Related Vulnerabilities
Joomla CVE-2021-23132 Vulnerability (CVE-2021-23132)
Jenkins Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2024-43044)
WordPress 3.9.x Multiple Vulnerabilities (3.9 - 3.9.36)
SharePoint CVE-2025-21348 Vulnerability (CVE-2025-21348)
WordPress Plugin Gravity Upload Ajax Arbitrary File Upload (1.1)