Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier makes it possible for an attacker to map URLs to filesystem spots which have been permitted for being served through the server but are not intentionally/immediately reachable by any URL, causing code execution or source code disclosure. https://apache-support33332.evawiki.com/8893417/apache_support_fundamentals_explained