Security Incidents mailing list archives
Re: New Attack / New Vulnerability?
From: Mark Seiden <mis () seiden com>
Date: Wed, 27 Feb 2002 11:36:49 -0800
stfw, luke. according to http://www.incidents.org/archives/intrusions/msg03024.html "This appears to be an IE 6 client on XP with Office XP installed. This configuration enables the discussion bar in IE. <http://msdn.microsoft.com/library/en-us/off2krk/html/70ct_10.asp> When the discussion bar is enabled and configured, the web client queries the server automatically to see if has SharePoint Team Services installed (owssvr.dll as ISAPI.) <http://msdn.microsoft.com/library/en-us/spsdk11/caml_schema/spxmlconrenderingcaml.asp> Matt Scarborough 2001-12-23" On Wed, Feb 27, 2002 at 11:11:00AM -0600, Sterling Moses wrote:
Is there a new vulnerability out? We monitor hundreds of financial IIS servers and have noticed many requests for the following: GET /_vti_bin/owssvr.dll 404 These requests originate from multiple IP addresses, and hit different machines on different networks. Based on the traffic and number of entries I can guess these are not targeted attacks, but seem to be opportunistic in nature. Any information would be helpful. Sterling. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
-- mark seiden, mis () seiden com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Re: Wave of Nimda-like hits this morning?, (continued)
- Re: Wave of Nimda-like hits this morning? John Brahy (Feb 26)
- Re: Wave of Nimda-like hits this morning? Jay D. Dyson (Feb 27)
- Re: Wave of Nimda-like hits this morning? Benjamin Morin (Feb 28)
- RE: Wave of Nimda-like hits this morning? Christopher L. Morrow (Feb 27)
- Re: Wave of Nimda-like hits this morning? John Brahy (Feb 26)
- Re: Wave of Nimda-like hits this morning? security (Feb 26)
- Re: Wave of Nimda-like hits this morning? Erick Brockway (Feb 27)
- Wave of Nimda-like hits this morning? Michael Sutton (Feb 26)
- RE: Wave of Nimda-like hits this morning? Ronneil Camara (Feb 26)
- RE: Wave of Nimda-like hits this morning? Greg Williamson (Feb 26)
- New Attack / New Vulnerability? Sterling Moses (Feb 27)
- Re: New Attack / New Vulnerability? Mark Seiden (Feb 27)
- New Attack / New Vulnerability? Sterling Moses (Feb 27)
- RE: Wave of Nimda-like hits this morning? Darren Young (Feb 27)
- RE: Wave of Nimda-like hits this morning? Scott A. Barbour (Feb 27)