Hi, I may be misunderstanding your comment but I don't think it is fixed in Plucky - I've just tried and can reproduce with the same behaviour (using version 2.4.63-1ubuntu1).
In both Plucky and Jammy I get a 403 response, with the "AH10508: Unsafe URL with %3f URL rewritten without UnsafeAllow3F" error logged in the error.log - and from the looks of it I think that is probably what you were actually getting too. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2103723 Title: Fix for CVE-2024-38474 also blocks %3f in appended query strings To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/2103723/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
