Regression issue with RewriteRule appending %3f to end of the URL when removing query string in Apache httpd after CVE-2023-25690

Issue

• Regression issue with RewriteRule appending %3f to end of the URL when removing query string in Apache httpd after CVE-2023-25690.

• As described in the mod_rewrite documentation:

  Modifying the Query String

  By default, the query string is passed through unchanged. You can, however, create URLs in the substitution string containing a query string part. Simply use a question mark inside the substitution string to indicate that the following text should be re-injected into the query string. When you want to erase an existing query string, end the substitution string with just a question mark. To combine new and old query strings, use the [QSA] flag.

  ending the substitution string of RewriteRule with just a question mark should erase an existing query string. So, we have mod_rewrite RewriteRule to remove an existing query parameter in the request that users sent like the following:

  RewriteRule ^/example/(.*)$ /example.html? [R,L]
  

  RewriteRule ^/test/(.*)$ http://www.example.com/test.html? [R,L]
  

  RewriteRule ^/(.*)$ /$1? [R,L]
  

  For example, when a user sends a request /test/test?query=12345 to httpd with the above configuration, we expect it's redirected to http://www.example.com/test.html, and this works correctly until httpd-2.4.6-98.el7_9.6 rpm in RHEL 7.
  However, after upgrading to httpd-2.4.6-98.el7_9.7 rpm, it's changed to redirect with appending %3f to the end of the URL like http://www.example.com/test.html%3f, so it results in 404 Not Found.