Apache HTTP Server - Unauthenticated Arbitrary File Read via Default ServerRoot Configuration
A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.