The weakness is caused due to the mod_proxy module, when configured in reverse proxy mode, incorrectly processing certain web requests. This can be exploited to send requests to an unintended server behind the proxy via a specially crafted URL.
Full Details with PoC
RewriteRule ^(.*) http://10.40.2.159/$1 ProxyPassMatch ^(.*) http://10.40.2.159/$1