ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.
Created httpd tracking bugs for this issue:
Affects: fedora-all [bug 2005120]
This vulnerability is out of security support scope for the following product:
* Red Hat JBoss Enterprise Application Platform 6
Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.