Incorrect escaping of output in mod_rewrite in Apache HTTP Server two.4.59 and previously enables an attacker to map URLs to filesystem locations that happen to be permitted to get served through the server but are certainly not intentionally/straight reachable by any URL, resulting in code execution or source code disclosure. https://www.hostscheap.com/apache-support-service