The mod_vhost_alias module is an extension and is not compiled by default.
Upgrade to version 1.3.14 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
Vendor URL: http://httpd.apache.org/
Vendor Specific Advisory URL
ISS X-Force ID: 11088