Vulnerability in probably all versions of apache web server, default install (as of version 1.3.29). There are few scenarios, few calls leading to that bug. The first call is in mod_auth, mod_auth3 and mod_auth4. Enjoy IT!