An off-by-one vulnerability has been identified in the Apache web server (including 1.3, 2.0 and 2.2 branches). Under certain conditions a remote attacker may execute arbitrary code with priviledges of the web server user. Successful exploitation of this vulnerability requires that the ReWrite Engine be turned "on" and rewrite rules that do not use the F,G, or NE flags. Certain compilation parameters are also required and not all vendors are affected by this issue. All Apache users are recommended to check whether their version is affected (see the first link below) and upgrade to current release versions from their vendors if necessary. See the following advisories for more information.
http://www.kb.cert.org/vuls/id/395412
http://secunia.com/advisories/21197/
http://www.apache.org/dist/httpd/Announcement2.0.html