Mailinglist Archive: opensuse-security (343 mails)

< Previous Next >
Re: [suse-security] Strange HTTP requests
  • From: <dog@xxxxxxxxx>
  • Date: Thu, 19 Jul 2001 23:08:10 -0500 (CDT)
  • Message-id: <Pine.LNX.4.31.0107192307330.13878-100000@xxxxxxxxxxxxx>
this only affects microsoft internet information server (iis) you have
nothing to worry about if you are only running apache.

On Thu, 19 Jul 2001 michael.ryan@xxxxxxxx wrote:

>
>
>... on the same thread ... are there any known exploits/vulnerabilities for
>Apache 1.3.12 running on SuSE?
>(The only issue I found on
>http://www.suse.com/us/support/security/index.html was dated 07-09-2000 and
>just required a minor edit to httpd.conf)
>should I upgrade to 1.3.19 anyway?
>
>TIA
>Michael
>
>
>
>
> Lars Trebing
> <ltrebing@ltr To: SuSE Security Mailing List <suse-security@xxxxxxxx>
> ebing.de> cc:
> Subject: [suse-security] Strange HTTP requests
> 07/19/2001
> 07:46 PM
>
>
>
>
>
>
>Hello everyone,
>
>My Apache has just got three strange requests from three different
>addresses:
>
>63.149.209.133 - - [19/Jul/2001:18:55:47 +0200] "GET
>/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
>
>HTTP/1.0" 400 315
>209.215.117.8 - - [19/Jul/2001:19:14:28 +0200] "GET
>/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
>
>HTTP/1.0" 400 315
>161.184.88.254 - - [19/Jul/2001:19:21:18 +0200] "GET
>/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
>
>HTTP/1.0" 400 315
>
>Might this perhaps be an attack for a known bug of some HTTP server?
>Should I maybe even worry about this? (I am running Apache 1.3.12).
>
>By the way, I performed the same request locally and got a 404 error
>instead of the 400s reported in the log.
>
>TIA, Lars
>
>--
>To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
>For additional commands, e-mail: suse-security-help@xxxxxxxx
>
>
>
>
>
>--
>To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
>For additional commands, e-mail: suse-security-help@xxxxxxxx
>

Chad Whitten
Network/Systems Administrator
Nexband Communications
chadwick@xxxxxxxxxxx


< Previous Next >
Follow Ups
References