Fixed in Apache HTTP Server 2.4.56 important: HTTP request splitting with mod_rewrite and mod_proxy Consult the Apache httpd 2.2 vulnerabilities list for more information. The initial GA release, Apache httpd 2.4.1, includes fixes for all vulnerabilities which have been resolved in Apache httpd 2.2.22 and all older releases. Please send comments or corrections for these vulnerabilities to the Security Team.
Please note that if a vulnerability is shown below as being fixed in a '-dev' release then this means that a fix has been applied to the development source tree and will be part of an upcoming full release. We also list the versions the flaw is known to affect, and where a flaw has not been verified list the version with a question mark. Each vulnerability is given a security impact rating by the Apache security team - please note that this rating may well vary from platform to platform. This page lists all security vulnerabilities fixed in released versions of Apache HTTP Server 2.4.
