ISS reported a vulnerability found in the chucked encoding implementation of the Apache 1.3.24 and 2.0.36 and below servers that under some conditions can be used to remotely execute code on systems running this software. Note that the by ISS supplied patch, which is included in this advisory, does not fix this vulnerability.
eda6ad9d37711b41b271339dd3102eebcf86b868e4acbe53efdd0b47ba875df1