A substitution encoding flaw was found in the Apache HTTP Server. This flaw allows an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant only to be executed as CGI.