Incorrect escaping of output in mod_rewrite in Apache HTTP Server 2.four.fifty nine and previously lets an attacker to map URLs to filesystem spots which can be permitted to become served via the server but will not be deliberately/straight reachable by any URL, leading to code execution or resource code disclosure. https://apache-web-server-support43047.blogocial.com/apache-web-server-support-things-to-know-before-you-buy-64340521