The remote host is missing an update to lighttpd announced via advisory DSA 1362-2.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201362-2

A problem was discovered in lighttpd, a fast webserver with minimal memory footprint, which could allow the execution of arbitary code via the overflow of CGI variables when mod_fcgi was enabled. This updated advisory correctly patches the security issue, which was not handled in DSA-1362-1. For the stable distribution (etch), this problem has been fixed in version 1.4.13-4etch4. We recommend that you upgrade your lighttpd package.