The /cgi-bin directory is browsable. This will show you the name of the installed common scripts and those which are written by the webmaster and thus may be exploitable.
Make the /cgi-bin non-browsable.
- Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
- AbanteCart Multiple Cross-Site Scripting Vulnerabilities
- Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities
- Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
- AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities