Apache Rewrite Module Arbitrary File Disclosure Vulnerability
mod_rewrite is a module shipped with Apache 1.2 and later. It is used to map special URLS to absolute files on the web server's filesystem.
If a RewriteRule directive is expressed whose result maps to a filename containing regular expression references, the result may provide an attacker with the ability to view arbitrary files on the host.
example RewriteRule directives: (the first two are vulnerable)
RewriteRule /test/(.*) /usr/local/data/test-stuff/$1
RewriteRule /more-icons/(.*) /icons/$1
RewriteRule /go/(.*) http://www.apacheweek.com/$1
(excerpted from Apache development list 09-22 and amended by Tony Finch <firstname.lastname@example.org>)