Changes

Apache 2.2 Server Side Includes

590 bytes added, 19:48, 25 July 2014
/* The exec Element */
The following lines were added (+) and removed (-):
Quick Fix: Use "Options IncludesNoExec" to resolve.

The exec command executes a given shell command or CGI script. Options IncludesNOEXEC disables this command completely so the server-side includes module cannot execute commands. It is recommended you do not use the Includes option but instead use IncludesNoExec.

Example: Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec

Security issue: if the system is configured with "AllowOverride Options=IncludesNoEXEC", a local user can place "Options Includes" in a '.htaccess' file to cause Server Side Includes to be enabled with exec privileges. This is verified on Apache version 2.2.11 as a reported vulnerability.

The exec command executes a given shell command or CGI script. It requires mod_cgi to be present in the server. If Options IncludesNOEXEC is set, this command is completely disabled.

The exec command could potentially enable an attacker to execute commands on the system. The exec command requires mod_cgi to be present in the server.
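One way to check a server for the settings discussed here, as an added example that is not part of the original wiki page: a small Python audit that flags `Options` lines enabling SSI with exec and `AllowOverride` lines that let a '.htaccess' file change `Options`. The function names, the sample directory path and both sample files are constructed for illustration.

```python
# Added example: audit Apache config text for exec-capable SSI settings.
# Option tokens that enable SSI with the exec element; "All" implies "Includes".
EXEC_CAPABLE = {"includes", "all"}

def audit(text, source):
    """Return a list of (source, line_number, message) findings."""
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # blank line or comment
            continue
        directive, *args = line.lower().split()
        if directive == "options":
            # "Includes"/"+Includes" allow exec; "-Includes" and "IncludesNoExec" do not.
            if any(a.lstrip("+") in EXEC_CAPABLE for a in args):
                findings.append((source, number, "SSI exec enabled: " + line))
        elif directive == "allowoverride":
            # Any form that lets .htaccess set Options needs review
            # (the page reports Options=IncludesNoEXEC being bypassed on 2.2.11).
            if any(a in ("all", "options") or a.startswith("options=") for a in args):
                findings.append((source, number, ".htaccess may change Options: " + line))
    return findings

# Constructed sample files (not taken from a real server).
HTTPD_CONF = """\
<Directory "/var/www/html">
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    AllowOverride Options=IncludesNoEXEC
</Directory>
"""
HTACCESS = "# user-supplied override\nOptions Includes\n"

def run_samples():
    """Audit both constructed files and return the combined findings."""
    return audit(HTTPD_CONF, "httpd.conf") + audit(HTACCESS, ".htaccess")

if __name__ == "__main__":
    for source, number, message in run_samples():
        print(f"{source}:{number}: {message}")
```

The check is line-based and does not resolve `Include` directives or per-directory merging, so treat each finding as a line to review rather than the effective configuration.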