Impact
This vulnerability is an escalation of privilege that allows anyone who can write .htaccess files to read arbitrary files through the mod_rewrite and ap_expr features of Apache HTTP Server. The flaw is present in release 2.4.66 and earlier. By inserting expressions into a .htaccess file, the attacker causes the server to resolve file paths with the privileges of the httpd user, granting read access to files that normally require higher rights and thereby compromising confidentiality. Based on the description, it is inferred that the attack requires write access to .htaccess files in a web directory.
Affected Systems
The affected products are Apache HTTP Server versions 2.4.66 and earlier. All installations running those releases on any supported platform are potentially vulnerable, regardless of the operating system.
Risk and Exploitability
Because the attack requires only the ability to create or modify a .htaccess file in a web directory, the attack vector can be local or remote, wherever write access is attainable. The flaw provides read access to server files but does not directly allow code execution. No EPSS data is available, and the vulnerability is not listed in the CISA KEV catalog, suggesting that widespread exploitation has not been documented yet. Based on the description, it is inferred that the attack can be carried out from a client that can write to a web directory, so whether the vector is local or remote depends on the privileges involved. Nonetheless, the impact, unauthorized disclosure of sensitive files, is significant, and the CVSS score is 8.8 given the privilege escalation nature.
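For triage, the following added example (not part of the advisory or of Apache's code) walks a DocumentRoot and lists every .htaccess file that uses mod_rewrite's `RewriteCond expr` form, the documented way mod_rewrite evaluates an ap_expr, and reports whether the file is group- or world-writable. Treating `RewriteCond expr` as the construct to review is an assumption, since the advisory does not name the exact directive; the function names are hypothetical.

```python
import os, re, stat, sys, tempfile

# Assumption: review targets are RewriteCond lines whose TestString is the literal
# "expr", which makes mod_rewrite treat the CondPattern as an ap_expr.
REWRITECOND_EXPR = re.compile(r'^\s*RewriteCond\s+"?expr"?\s+(.+)$', re.IGNORECASE)

def logical_lines(text):
    """Yield (first_line_no, line): continuations joined, comments and blanks dropped."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines() + [""], 1):
        start = start or no
        if raw.endswith("\\"):          # Apache joins backslash-continued lines
            buf += raw[:-1] + " "
            continue
        line, buf = buf + raw, ""
        if line.strip() and not line.lstrip().startswith("#"):
            yield start, line
        start = None

def audit_htaccess(docroot):
    """Return one finding per .htaccess under docroot that uses RewriteCond expr."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        if ".htaccess" not in files:
            continue
        path = os.path.join(dirpath, ".htaccess")
        with open(path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
        hits = [(no, m.group(1).strip()) for no, line in logical_lines(text)
                if (m := REWRITECOND_EXPR.match(line))]
        if hits:
            mode = os.stat(path).st_mode
            findings.append({
                "path": path,
                "expr_lines": hits,  # (line number, expression text) for manual review
                "group_or_world_writable": bool(mode & (stat.S_IWGRP | stat.S_IWOTH)),
            })
    return findings

if __name__ == "__main__":
    # With no argument, audit a constructed sample so the script runs offline.
    root = sys.argv[1] if len(sys.argv) > 1 else tempfile.mkdtemp()
    if len(sys.argv) == 1:
        with open(os.path.join(root, ".htaccess"), "w") as fh:
            fh.write('RewriteEngine On\nRewriteCond expr "%{HTTP_HOST} == \'example.test\'"\n')
    for finding in audit_htaccess(root):
        print(finding)
```

A hit is a prompt for review, not proof of abuse: compare each listed expression against what the site owner intended and check who can write that directory.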