Re: new www vulnerablity
The access request for "/..À¯../..À¯../cmd1.exe" indicates that this
is some kind of Microsoft bug (no suprises there). I recieve plenty
of probes like this a day, it's probably just some hacker running an
automated script to check for vulnerable sites. Nothing to worry
about unless you're running IIS ;-)
On Mon, Apr 08, 2002 at 10:31:43PM +0200, James Nord wrote:
> Hi,
>
> Is anyone aware of a vulnerablity that is characterised by the following
> against a www server?
> or is the ^E etc just a way of trying to hide the variuos attempts below?
>
> [Sat Apr 6 02:44:07 2002] [error] [client 24.101.140.253] Invalid
> method in request ^E^A
> [Sat Apr 6 02:44:07 2002] [error] [client 24.101.140.253] Invalid
> method in request ^E^A^B
> [Sat Apr 6 02:44:08 2002] [error] [client 24.101.140.253] Invalid
> method in request ^A
> [Sat Apr 6 02:44:09 2002] [error] [client 24.101.140.253] Invalid
> method in request ^Z
> [Sat Apr 6 02:44:12 2002] [error] [client 24.101.140.253] File does not
> exist: /mnt/bigone/www/html/www.teilo.net/invalidfilename.htm
> [Sat Apr 6 02:44:12 2002] [error] [client 24.101.140.253] Options
> ExecCGI is off in this directory:
> /mnt/bigone/www/html/www.teilo.net/invalidfilename.cgi
> [Sat Apr 6 02:44:13 2002] [error] [client 24.101.140.253] Invalid URI
> in request GET /../invalidfilename.htm HTTP/1.0
> [Sat Apr 6 02:44:13 2002] [error] [client 24.101.140.253] File does not
> exist: /mnt/bigone/www/html/www.teilo.net/invalidfilename.htm
> [Sat Apr 6 02:44:14 2002] [error] [client 24.101.140.253] Options
> ExecCGI is off in this directory:
> /mnt/bigone/www/html/www.teilo.net/invalidfilename.cgi
> [Sat Apr 6 02:44:14 2002] [error] [client 24.101.140.253] Invalid URI
> in request GET /../invalidfilename.htm HTTP/1.0
> [Sat Apr 6 02:44:15 2002] [error] [client 24.101.140.253] File does not
> exist: /mnt/bigone/www/html/www.teilo.net/..À¯../..À¯../sensepost.exe
> [Sat Apr 6 02:44:15 2002] [error] [client 24.101.140.253] File does not
> exist: /mnt/bigone/www/html/www.teilo.net/..À¯../..À¯../sensepost.exe
> [Sat Apr 6 02:44:16 2002] [error] [client 24.101.140.253] File does not
> exist: /mnt/bigone/www/html/www.teilo.net/..À¯../..À¯../cmd1.exe
>
>
> Regards,
>
> /James
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
--
shiftee <shiftee@manifestation.org>
PGP Key: 0xB7A36039@wwwkeys.pgp.net
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: