
Re: FW: Remote Apache 1.3.x Exploit



Hello

Brian Camp <sevenn@nezzwerk.net> wrote:

> 
> I've noticed a few entries similar to the following appearing in the 
> access_log of multiple servers today.  Does this indicate scanning and 
> trying to run the exploit?  Anyone else noticing this today?
> 
> -Brian
> 
> ghettobox.eurocompton.net - - [20/Jun/2002:01:58:18 -0500] "GET / HTTP/1.1" 400 386

I see something like:

access_log:
127.0.0.1 - - [20/Jun/2002:17:50:23 +0200] "GET / HTTP/1.1" 400 373
127.0.0.1 - - [20/Jun/2002:17:50:47 +0200] "GET / HTTP/1.1" 200 2187
127.0.0.1 - - [20/Jun/2002:17:50:47 +0200] "u ?D$?|$" 501 -
127.0.0.1 - - [20/Jun/2002:17:53:00 +0200] "GET / HTTP/1.1" 400 374


error_log:
[Thu Jun 20 17:53:55 2002] [notice] child pid 31258 exit signal Segmentation fault (11)
[Thu Jun 20 17:53:55 2002] [error] [client 127.0.0.1] request failed: error reading the headers

Best regards

dae Maik
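
An added example, not part of the original message: a small Python check that flags the three patterns visible in the logs above (a 400 on a well-formed request line, a 501 on a non-HTTP request line, and a child process killed by a signal in error_log). The function names are chosen for this example, and the sample input is the log lines from this message with wrapped lines rejoined.

```python
import re

# Sample input: the log lines quoted in the message above, wrapped lines rejoined.
ACCESS_LOG = """\
127.0.0.1 - - [20/Jun/2002:17:50:23 +0200] "GET / HTTP/1.1" 400 373
127.0.0.1 - - [20/Jun/2002:17:50:47 +0200] "GET / HTTP/1.1" 200 2187
127.0.0.1 - - [20/Jun/2002:17:50:47 +0200] "u ?D$?|$" 501 -
127.0.0.1 - - [20/Jun/2002:17:53:00 +0200] "GET / HTTP/1.1" 400 374
"""
ERROR_LOG = """\
[Thu Jun 20 17:53:55 2002] [notice] child pid 31258 exit signal Segmentation fault (11)
[Thu Jun 20 17:53:55 2002] [error] [client 127.0.0.1] request failed: error reading the headers
"""

# Common Log Format: host ident user [time] "request" status bytes
ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(.*)" (\d{3}) (\S+)$')
# A syntactically normal request line: METHOD target HTTP/x.y
REQUEST_RE = re.compile(r'^[A-Z]+ \S+ HTTP/\d\.\d$')
# Apache 1.3 notice written when a child process dies on a signal
SEGV_RE = re.compile(r'^\[([^\]]+)\] \[notice\] child pid (\d+) exit signal (.+?) \((\d+)\)$')

def scan_access(text):
    """Return (time, host, reason) for each access_log line worth a second look."""
    findings = []
    for line in text.splitlines():
        m = ACCESS_RE.match(line)
        if not m:
            continue
        host, when, request, status, _size = m.groups()
        well_formed = bool(REQUEST_RE.match(request))
        if well_formed and status == "400":
            # Request line parsed fine, so the rejection came from what followed it.
            findings.append((when, host, "400 on well-formed request line"))
        elif not well_formed and status == "501":
            # Bytes that are not an HTTP request line were read as a new request.
            findings.append((when, host, "501 on non-HTTP request line"))
    return findings

def scan_error(text):
    """Return (time, pid, signal name) for each child-crash notice in error_log."""
    return [(m.group(1), int(m.group(2)), m.group(3))
            for m in map(SEGV_RE.match, text.splitlines()) if m]

if __name__ == "__main__":
    for finding in scan_access(ACCESS_LOG) + scan_error(ERROR_LOG):
        print(finding)
```

A 400 on a well-formed HTTP/1.1 request line is also what Apache returns for a request without a Host header, so a hit in access_log alone is a prompt to look for a child crash in error_log around the same time, not proof of anything.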