Security Incidents mailing list archives
Re: Which webserver exploit is this?
From: bruj0 Gandalf <bruj0 () SOFTHOME NET>
Date: Mon, 24 Jul 2000 15:02:53 -0400
On Sat, 22 Jul 2000, Matthew Breitenstine wrote:
I got the same thing the other day. his.ip.net - - [16/Jul/2000:20:21:10 -0500] "http://%a:%p/,HEAD /" 501 - On Sat, 22 Jul 2000, Jaap wrote:Hi, I'm running a some Linux/apache webservers, and all of them have this somewhere in the logs. Now I don't mind ppl. trying things, but I would like to know what their trying. Any ideas? his.ip.net - - [21/May/2000:20:02:14 +0200] "http://%a:%p/,HEAD /" 403 -
Hi, i have been doin some research on format bugs and for what it looks like it seems somebody is trying to test if apache has it, %a for converting to hex, and %p for converting to pointer. Of cource this is just a guess. Hope it helps. ------------------------------------------- bruj0 () phreaker net A word from our sponsor: /"\ \ / ASCII Ribbon Campaign X Against HTML Mail / \ -------------------------------------------
Current thread:
- Which webserver exploit is this? Jaap (Jul 22)
- <Possible follow-ups>
- Re: Which webserver exploit is this? The Incubus (Jul 24)
- Re: Which webserver exploit is this? Michael Cook (Jul 24)
- Re: Which webserver exploit is this? Richard Bartlett (Jul 24)
- Re: Which webserver exploit is this? bruj0 Gandalf (Jul 25)
- Which webserver exploit is this? CLEARY Tom <Con> (Jul 25)
- Re: Which webserver exploit is this? Fredrik Ostergren (Jul 26)