with Conectiva Linux.
1) Under certain configurations, the mod_rewrite module could be used
to access any file on the server, provided that filesystem access
rights permitted that. Now the mod_rewrite module makes a one-pass
expansion and is no longer vulnerable to this.
2) The other vulnerability is regarding the handling of Host: headers
in mass virtual hosting configurations. The check for dot (".")
charactes in that header was not complete and could permit access to
a parent directory."