Apache 2.0.42 allows remote malicious users to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
apache http server 2.0.42