Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: New Attack / New Vulnerability?

From: Mark Seiden <mis () seiden com>
Date: Wed, 27 Feb 2002 11:36:49 -0800
stfw, luke.

according to

http://www.incidents.org/archives/intrusions/msg03024.html

"This appears to be an IE 6 client on XP with Office XP installed. This
configuration enables the discussion bar in IE.
<http://msdn.microsoft.com/library/en-us/off2krk/html/70ct_10.asp>

When the discussion bar is enabled and configured, the web client queries the
server automatically to see if has SharePoint Team Services installed
(owssvr.dll as ISAPI.)
<http://msdn.microsoft.com/library/en-us/spsdk11/caml_schema/spxmlconrenderingcaml.asp>

Matt Scarborough 2001-12-23"




On Wed, Feb 27, 2002 at 11:11:00AM -0600, Sterling Moses wrote:

Is there a new vulnerability out?

We monitor hundreds of financial IIS servers and have noticed many requests
for the following:

GET /_vti_bin/owssvr.dll 404

These requests originate from multiple IP addresses, and hit different
machines on
different networks.

Based on the traffic and number of entries I can guess these are not
targeted attacks, but seem to be opportunistic
in nature.

Any information would be helpful.

Sterling.


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com


-- 
mark seiden, mis () seiden com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: