Poor escaping of output in mod_rewrite in Apache HTTP Server two.4.59 and before makes it possible for an attacker to map URLs to filesystem places which are permitted to generally be served with the server but aren't intentionally/instantly reachable by any URL, causing code execution or supply code disclosure. Worker: https://apachewebserversupport44443.wikibriefing.com/2701240/the_apache_support_service_diaries