how to prevent common file/directory exposure ??

DigitalDUST

ran a exploit on my own webserver and found out that i could access my c:<path> using the

[url]http://[/url]<yourserver>/php/php.exe?c:\ <path> in the url

how do i stop this from allowing any user to access to my files???

I am using apache 1.3.14 with PHP 4.0

the error code was:

Common File/Directory Exposure. Possible misconfiguration problem in the web server that allow unauthorized remote users to steal confidential documents or gain information about the web server's host machine.

any idea what I should do to prevent this??

Sxooter

1: upgrade apache to 1.3.28, there are security issues in 1.3.27 and before.

2: upgrade php to 4.3.2, there are some security and other issues in 4.0 that are fixed there as well.

3: install php as a module, so that files to run php are simply ended in .php, not executed by calling it via CGI.