PT-2024-4434 · Apache · Apache HTTP Server

Orange_8361 · Published 2024-07-01 · Updated 2025-07-17 · CVE-2024-38475

CVSS v2.0: 9.4 (Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N)

**Name of the Vulnerable Software and Affected Versions:**

Apache HTTP Server versions 2.4.59 and earlier

Apache2 versions 2.4.41-4ubuntu3.23 (for Ubuntu)

Apache2 versions 2.4.61-1.1 (for openSUSE Tumbleweed)

Apache2 versions 2.4.61-alt1

**Description:**

A flaw exists in the `mod_rewrite` module of Apache HTTP Server due to improper escaping of output. It allows an attacker to map URLs to filesystem locations that the server is permitted to serve but that are not directly accessible via any URL, which can result in code execution or source code disclosure. The vulnerability has been actively exploited in the wild, including in attacks targeting SonicWall SMA devices.

**Recommendations:**

Upgrade Apache HTTP Server to version 2.4.60 or later.

Upgrade Apache2 to version 2.4.61-1~deb11u1 for the oldstable distribution (bullseye) or 2.4.61-1~deb12u1 for the stable distribution (bookworm).

Upgrade Apache2 to version 2.4.61-1.1 for openSUSE Tumbleweed.

Upgrade Apache2 to version 2.4.61-alt1.

Exploit · Fix · RCE

**Weakness Enumeration:** Improper Encoding or Escaping of Output

**Related Identifiers:**

ALSA-2024:4720
ALSA-2024:4726
ALT-PU-2024-10005
ALT-PU-2024-10192
ALT-PU-2024-10223
BDU:2024-04936
BIT-APACHE-2024-38475
CESA-2024_4720
CVE-2024-38475
DSA-5729-1
ELSA-2024-4720
ELSA-2024-4726
ELSA-2024-4943
INFSA-2024_4720
INFSA-2024_4726
MGASA-2024-0258
OPENSUSE-SU-2024:14116-1
OPENSUSE-SU-2024_2597-1
RHSA-2024:4719
RHSA-2024:4720
RHSA-2024:4726
RHSA-2024:4820
RHSA-2024:4827
RHSA-2024:4830
RHSA-2024:4862
RHSA-2024:4863
RHSA-2024:4938
RHSA-2024:4943
RHSA-2024:5239
RHSA-2024_4720
RHSA-2024_4726
RLSA-2024:4726
RLSA-2024_4726
SUSE-SU-2024:2436-1
SUSE-SU-2024:2591-1
SUSE-SU-2024:2597-1
SUSE-SU-2024:2624-1
SUSE-SU-2024_2436-1
SUSE-SU-2024_2591-1
SUSE-SU-2024_2597-1
SUSE-SU-2024_2624-1
USN-6885-1
USN-6885-2
USN-6885-3
USN-6885-4

**Affected Products:**

ALT Linux
AlmaLinux
Apache HTTP Server
Astra Linux
CentOS
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu