COMMAND

    httpd

COMMAND

    This security hole only  presents itself for systems  with cgi-bin
    directories contained within their DocumentRoot directories.   You
    can access the source code  by adding multiple "/" preceeding  the
    cgi-bin portion of  the URL.   If indexing is  turned on, you  can
    get a  full listing  of all  files within  the cgi-bin  directory.
    Example URL's follow:

         URL:    http://www.foo.com//cgi-bin/
         URL:    http://www.foo.com///cgi-bin/man.pl

    The  daemon  fails  to  detect  this  as  a cgi-bin redirect, then
    parses the file ///cgi-bin/man.pl from your document root.   Since
    the multiple slashes are legal syntax in UNIX, the daemon  returns
    the file  as straight  text.   This provides  potential hackers  a
    glimpse at  what measures  you have  taken (or  haven't taken)  to
    thwart their access.