A flaw was found in the Apache HTTP Server. Due to improper escaping of output in mod_rewrite, this flaw allows an attacker to map URLs to filesystem locations permitted to be served by the server but are not intentionally or directly reachable by any URL, resulting in code execution or source code disclosure.