This cgi-bin call, along with any others that are unused, should be removed. A patched version of the escape_shell_cmd() function is available as part of later httpd distributions. This can be obtained at: http://hoohoo.ncsa.uiuc.edu/beta-1.5 Apache should be upgraded immediately.
Apache Software Foundation Apache and NCSA httpd contain a flaw that may allow a malicious user to execute arbitrary commands. The issue is triggered when a remote attacker requests the 'phf' program with a specially crafted argument, which will execute arbitrary commands on the target machine. This flaw may lead to a loss of integrity.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Remove the 'phf' script from the web server