The remote host is missing an update to libapache-mod-ssl announced via advisory DSA 135-1.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20135-1

The libapache-mod-ssl package provides SSL capability to the apache webserver. Recently, a problem has been found in the handling of .htaccess files, allowing arbitrary code execution as the web server user (regardless of ExecCGI / suexec settings), DoS attacks (killing off apache children), and allowing someone to take control of apache child processes - all trough specially crafted .htaccess files. More information about this vulnerability can be found at http://online.securityfocus.com/bid/5084 This has been fixed in the libapache-mod-ssl_2.4.10-1.3.9-1potato2 package (for potato), and the libapache-mod-ssl_2.8.9-2 package (for woody) . We recommend you upgrade as soon as possible.