Susam Pal

**Name of the Vulnerable Software and Affected Versions** Apache version 2.2.2 **Description** The issue allows remote attackers to read the source code of CGI programs. This is achieved by sending a request that contains uppercase or alternate case characters, which bypasses the case-sensitive ScriptAlias directive. However, on case-insensitive file systems, this allows access to the file. **Recommendations** For Apache version 2.2.2, consider modifying the ScriptAlias directive to handle case-insensitive file systems or restrict access to CGI programs until a proper fix is applied. As a temporary workaround, consider disabling CGI programs or restricting access to them to minimize the risk of exploitation.