AN HTTPd versions 1.42h and prior ships with a script called count.pl which allows remote attackers to use a directory traversal attack to overwrite the contents of files on the system.
a74b48909192b5c91b042611f88dcec0fb0d56626236be2a2851014e83d805c1