What the vulnerability does

01Description

In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.

Key dates

02Disclosure timeline

April 1, 2020 CVE published
August 4, 2024 Record updated

Related vulnerabilities

04Related CVE