In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache http server |
||
fedoraproject fedora 31 |
||
fedoraproject fedora 32 |
||
debian debian linux 9.0 |
||
debian debian linux 10.0 |
||
canonical ubuntu linux 18.04 |
||
canonical ubuntu linux 20.04 |
||
canonical ubuntu linux 16.04 |
||
opensuse leap 15.1 |
||
netapp oncommand unified manager core package - |
||
broadcom brocade fabric operating system - |
||
oracle sd-wan aware 8.2 |
||
oracle instantis enterprisetrack |
||
oracle communications element manager 8.2.0 |
||
oracle communications element manager 8.2.1 |
||
oracle communications element manager 8.1.1 |
||
oracle enterprise manager ops center 12.4.0.0 |
||
oracle communications session report manager 8.1.1 |
||
oracle communications session report manager 8.2.0 |
||
oracle communications session report manager 8.2.1 |
||
oracle communications session route manager 8.1.1 |
||
oracle communications session route manager 8.2.0 |
||
oracle communications session route manager 8.2.1 |
||
oracle zfs storage appliance kit 8.8 |