In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.
{ "severity": "Medium", "cpes": [ "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*" ] }