COMMAND

    httpd

SYSTEMS AFFECTED

    Apache1.2b1, possibly others

PROBLEM

    http://some.machine.some.edu/cgi-bin/test-cgi? *

    (note the space after the "?")

    Gives:

    argc is 0. argv is .

    SERVER_SOFTWARE = Apache/1.2b1
    [etc]
    SERVER_PROTOCOL = printenv test-cgi HTTP/1.0
    [etc]
    QUERY_STRING =
    [etc]

    It  seems  that  distributions   that  changed  $QUERY_STRING   to
    "$QUERY_STRING" are still open to remote file listing.

SOLUTION

    Quoting  $SERVER_PROTOCOL  seems  to  fix  it....almost as well as
    deleting test-cgi.