The W3C CERN httpd HTTP server allows remote malicious users to determine the real pathnames of some commands via a request for a nonexistent URL.
w3c cern httpd 3.0