source: wwwsecurityfocuscom/bid/2300/info
NSCA httpd prior to and including 15 and Apache Web Server prior to 10 contain a bug in the ScriptAlias function that allows remote users to view the source of CGI programs on the web server, if a ScriptAlias directory is defined under DocumentRoot A full listing of the CGI-BIN directory can be ...