If Apache is truly only listening on 127.0.0.1, than you should be OK. If Apache is listening on your local IP (e.g. 192.168.1.10), then you would be vulnerable. Run netstat -ln. If you see something like "0.0.0.0:80" or "192.168.1.10:80," you would be vulnerable. If, however, you see "127.0.0.1:80," you should be OK.
Also, why do you want to do this? Perhaps it would be better to start with what you are trying to accomplish.