The remote host is missing an update to apache2 announced via advisory DSA 1816-1.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201816-1

It was discovered that the Apache web server did not properly handle the Options= parameter to the AllowOverride directive: In the stable distribution (lenny), local users could (via .htaccess) enable script execution in Server Side Includes even in configurations where the AllowOverride directive contained only Options=IncludesNoEXEC. In the oldstable distribution (etch), local users could (via .htaccess) enable script execution in Server Side Includes and CGI script execution in configurations where the AllowOverride directive contained any Options= value. For the stable distribution (lenny), this problem has been fixed in version 2.2.9-10+lenny3. The oldstable distribution (etch), this problem has been fixed in version 2.2.3-4+etch8. For the testing distribution (squeeze) and the unstable distribution (sid), this problem will be fixed in version 2.2.11-6. This advisory also provides updated apache2-mpm-itk packages which have been recompiled against the new apache2 packages (except for the s390 architecture where updated packages will follow shortly). We recommend that you upgrade your apache2 packages.