Bugtraq mailing list archives
Re: [NTSEC] IIS 4 Request Logging Security Advisory
From: omigosh () CARIBSURF COM (Information Services)
Date: Fri, 22 Jan 1999 08:13:29 -0400
Hi David: I tried the AVOID.EXE from my Win98 PC and pointed it at my www.spiceisle.com webserver, which is running NT4/IIS3/SP4 with the IIS GET hotfix. The following was reported in the IIS log file: nnn.nnn.nnn.nnn,-,22/01/99,07:57:37,W3SVC,WWW,205.214.207.98,401,10183,101,4 00,0,-,-,-, where nnn.nnn.nnn is the IP address of my workstation. AVOID.EXE returned the following information in the DOS window that I ran it from: C:\download>avoid www.spiceisle.com HTTP/1.0 400 Bad Request Content-Type: text/html <body><h1>HTTP/1.0 400 Bad Request </h1></body>c HTTP/1.0 400 Bad Request Content-Type: text/html <body><h1>HTTP/1.0 400 Bad Request </h1></body>c Looks like the server's safe once SP4 and the IIS GET hotfix are loaded. HTH, Brian Steele
Current thread:
- Re: [NTSEC] IIS 4 Request Logging Security Advisory Information Services (Jan 22)