Version 1.3.14 of Apache has been released. Windows users will have to be patient for a while, because the Win32 binaries are not yet available. A lot of things have been changed, as you can read in the changelog:
Fix a security problem that affects some configurations of mod_rewrite. If the result of a RewriteRule is a filename that contains expansion specifiers, especially regexp backreferences $0..$9 and %0..%9, then it may have been possible for an attacker to access any file on the web server.
[…] Prevent the source code for CGIs from being revealed when using mod_vhost_alias and the CGI directory is under the document root and a user makes a request like as reported in [email protected]>
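To see which of your own rules match the condition in the mod_rewrite entry above, this added example (not part of the Apache changelog or distribution) lists RewriteRule directives whose substitution is a local path containing `$0..$9` or `%0..%9`. Treating every non-URL substitution as a filename is an assumption, a match means the rule deserves review rather than that it is exploitable, and the function name and sample config are constructed.

```python
import re

# The expansion specifiers named in the changelog entry: $0..$9 and %0..%9.
# A preceding backslash makes the character literal, so it is not counted.
BACKREF = re.compile(r'(?<!\\)[$%][0-9]')
# Substitutions that are absolute URLs are redirects/proxies, not local filenames.
ABSOLUTE_URL = re.compile(r'^[a-zA-Z][a-zA-Z0-9+.-]*://')
# Apache directive arguments: a double-quoted string or a run of non-whitespace.
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|\S+')

def unquote(token):
    """Remove one pair of surrounding double quotes, if present."""
    if len(token) >= 2 and token[0] == token[-1] == '"':
        return token[1:-1]
    return token

def find_rules_to_review(config_text):
    """Return (line_no, pattern, substitution) for each RewriteRule whose
    substitution is not an absolute URL and contains $N or %N."""
    hits = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = [unquote(t) for t in TOKEN.findall(line)]
        if len(parts) < 3 or parts[0].lower() != "rewriterule":
            continue
        pattern, subst = parts[1], parts[2]
        if subst == "-" or ABSOLUTE_URL.match(subst):
            continue  # no substitution, or an external target
        if BACKREF.search(subst):
            hits.append((line_no, pattern, subst))
    return hits

# Constructed sample configuration, not taken from any real server.
SAMPLE = r"""RewriteEngine on
# constructed sample rules
RewriteRule ^/~([^/]+)/(.*)$ /home/$1/public_html/$2
RewriteRule ^/old/(.*)$ http://www.example.com/new/$1 [R]
RewriteCond %{HTTP_HOST} ^(.+)\.example\.com$
RewriteRule ^/site/(.*)$ "/var/www/%1/$1" [L]
RewriteRule ^/static$ /var/www/static/index.html
RewriteRule ^/secret - [F]
"""

if __name__ == "__main__":
    for line_no, pattern, subst in find_rules_to_review(SAMPLE):
        print(f"line {line_no}: {pattern} -> {subst}")
```

Run it over each configuration file and `.htaccess` on servers still running a release older than 1.3.14 to decide which hosts to upgrade first.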