Hi there
FYI:
Apache HTTP Server 2.4.60 was just released (Including a moderate mod_rewrite vulnerability patch)
Severity: moderate
Affected versions:
- Apache HTTP Server 2.4.0 through 2.4.59
Description:
Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy.
Users are recommended to upgrade to version 2.4.60, which fixes this issue.
Thanks and kind regards,
Stefano
------------------------------
Stefano Calisto
------------------------------