Apache Httpd < 1.3.14 : Mass virtual hosting can display CGI source

A security problem for users of the mass virtual hosting module, modvhostalias, causes the source to a CGI to be sent if the cgi-bin directory is under the document root. However, it is not normal to have your cgi-bin directory under a document root...

CVE-2000-1206

Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using modrewrite, or modvhostalias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files...