source: http://www.securityfocus.com/bid/2060/info Apache Web Server is subject to disclose files to unauthorized users when used in conjunction with the PHP3 script language. By requesting a specially crafted URL by way of php, it is possible for a remote user to gain read access to a known file that resides on the target host. Successful exploitation of this vulnerability could lead to the disclosure of sensitive information and possibly assist in further attacks against the victim. http://target/index.php3.%5c../..%5cconf/httpd.conf