Vulnerability: Apache HTTP server v2.4.0 to v2.4.39 - Open Redirect

In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.

Impact

An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the download of malware.

Severity

medium

Verified

Unknown