Description
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.
Remediation
References
Related Vulnerabilities
Oracle Application Server CVE-2006-3706 Vulnerability (CVE-2006-3706)
WordPress Plugin Twitch Player Cross-Site Scripting (2.1.0)
MySQL CVE-2022-21301 Vulnerability (CVE-2022-21301)
Magento Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-8155)
WordPress Plugin Events Made Easy Multiple Vulnerabilities (1.5.49)