Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:4720 https://access.redhat.com/errata/RHSA-2024:4720
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:4726 https://access.redhat.com/errata/RHSA-2024:4726
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:5001 https://access.redhat.com/errata/RHSA-2024:5001
This issue has been addressed in the following products: Red Hat JBoss Core Services Via RHSA-2024:5240 https://access.redhat.com/errata/RHSA-2024:5240
This issue has been addressed in the following products: JBoss Core Services on RHEL 7 JBoss Core Services for RHEL 8 Via RHSA-2024:5239 https://access.redhat.com/errata/RHSA-2024:5239