1 Jun
2005
1 Jun
'05
16:32
Philipp, On Wednesday 01 June 2005 09:23, Philipp Snizek wrote:
Hi
got this in my access log of an apache:
213.47.46.45 - - [18/May/2005:17:17:06 +0200] "SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1 ... [...snipping most of it...]\x90\x90\x90" 414 348
Some sort. It's an attempt to exploit a buffer overflow vulnerability. If your Apache is up-to-date, you're immune to the attack. It may not even be an Apache attack (it could target IIS, e.g.). The worst you'll experience is log file cruft.
Dr Google doesn't know anything bout it.
Any ideas what sort of attack this is?
Thanks Philipp
Randall Schulz