source: http://www.securityfocus.com/bid/4533/info

An issue has been discovered in Sambar Server, which could allow a user to reveal the source code of script files.

Submitting a request for a known script file along with a space and null character (%00), will successfully bypass the serverside URL parsing. 

http://server/cgi-bin/environ.pl+%00