According to an Apache
announcement, a vulnerability exists in the Apache HTTP server, version
1.3. The problem is a potential buffer overflow in the "get_tag" function
of Apache's SSI module "mod_include". It allows local users who can create
SSI documents to execute arbitrary code as the Apache run-time user via SSI
documents that trigger a content length calculation error.