A vulnerability was discovered in Apache httpd, in mod_rewrite. Certain self-referential mod_rewrite rules could be fooled by encoded newlines, causing them to redirect to an unexpected location. An attacker could abuse this flaw in a phishing attack or as part of a client-side attack on browsers.
This flaw requires the use of certain Rewrite configuration directives. The following command can be used to search for possible vulnerable configurations:
grep -R '^\s*Rewrite' /etc/httpd/
See <https://httpd.apache.org/docs/2.4/mod/mod_rewrite.html>