Security Incidents mailing list archives
Re: Unknown web log entry - new FrontPage exploit?
From: TJ Jablonowski <t.jablonowski () MAIL-2-GO COM>
Date: Fri, 22 Dec 2000 04:46:06 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 If I remember correctly it is part of Office2K server extensions, an subset of the FP Server extensions. Don't have a machine to check right now though so not sure. Could somebody be using a component from it in their webpage??? - ----- Original Message ----- From: "Michael Katz" <mike () RESPONSIBLE COM> To: <INCIDENTS () SECURITYFOCUS COM> Sent: Thursday, December 21, 2000 16:44 Subject: Unknown web log entry - new FrontPage exploit?
Hi all, Recently, I have noticed the following web log entry appearing 2-3 times per day. GET /_vti_bin/owssvr.dll?UL=1&ACT=4&BUILD=2202&STRMVER=4&CAPREQ=0 Based on the _vti_bin directory, I believe it's associated with FrontPage. When I tested the entry against a server using FrontPage extension, I receive the following message:
-----BEGIN PGP SIGNATURE----- Version: PGP 7.0 iQA/AwUBOkMi22+7g8loOAk5EQKfhQCg12dZqBxHNni5Vpj3HZo6ugCprZsAn1fk seLToWv48lT0Hvxg3dWJMhMj =edLV -----END PGP SIGNATURE-----
Current thread:
- udp port 500 scans Blake Frantz (Dec 21)
- Re: udp port 500 scans Jeff (Dec 21)
- Re: udp port 500 scans Greg Woods (Dec 21)
- Unknown web log entry - new FrontPage exploit? Michael Katz (Dec 21)
- Re: Unknown web log entry - new FrontPage exploit? TJ Jablonowski (Dec 22)
- Re: udp port 500 scans TJ Jablonowski (Dec 21)
- Unknown web log entry - new FrontPage exploit? Michael Katz (Dec 21)
- <Possible follow-ups>
- Re: udp port 500 scans Green, Art (MED) (Dec 21)