Debian Security Advisory DSA 265-1 (bonsai)

Summary
The remote host is missing an update to bonsai announced via advisory DSA 265-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20265-1
Insight
Rémi Perrot fixed several security-related bugs in bonsai, the Mozilla CVS query tool with a web interface. Vulnerabilities include arbitrary code execution, cross-site scripting and access to configuration parameters.

The Common Vulnerabilities and Exposures project identifies the following problems:

* CVE-2003-0152 - Remote execution of arbitrary commands as www-data
* CVE-2003-0153 - Absolute path disclosure
* CVE-2003-0154 - Cross-site scripting attacks
* CVE-2003-0155 - Unauthenticated access to parameters page

For the stable distribution (woody) these problems have been fixed in version 1.3+cvs20020224-1woody1.

The old stable distribution (potato) is not affected since it doesn't contain bonsai.

For the unstable distribution (sid) these problems have been fixed in version 1.3+cvs20030317-1.

We recommend that you upgrade your bonsai package.