I don't use Apache, but I know many of you are using it in your shops. You can find it on Security Focus here . Now would probably be a good time to upgrade to a newer version if you haven't already. They even mention a proof of concept tool on Bugtraq. Sorry if this is old; I just saw it on Security Focus, so I figured I'd post it to make sure you guys were aware.

Apache fixes scripting flaw

By John Leyden, The Register Oct 4 2002 5:23AM

Apache is vulnerable to a number of cross-site scripting attacks.

According to a posting to BugTraq this week, the popular Web server platform is vulnerable due to "SSI error pages of the Web server not being properly sanitised of malicious HTML code".

Because of this, attacker-constructed HTML pages or script code may be executed on a web client visiting the malicious link placed on sites run using Apache. Cookie-based authentication credentials might be stolen using the attack or, worse, a number of arbitrary actions might be taken on a victim's machine.

A proof-of-concept exploit has been posted to BugTraq.

Previous versions of Apache on a wide variety of platform are potentially vulnerable, as explained in greater detail here.

Admins are advised to update their Web server software to either Apache versions 1.3.27 or 2.0.43, which are both resilient to the attack. These versions incorporate a fix, as explained in more depth on Apache's Web site, by security researcher Matthew Murphy, who reported the flaw.
Have a great day!