Security Incidents mailing list archives

Re: Which webserver exploit is this?

From: bruj0 Gandalf <bruj0 () SOFTHOME NET>
Date: Mon, 24 Jul 2000 15:02:53 -0400

On Sat, 22 Jul 2000, Matthew Breitenstine wrote:

I got the same thing the other day.

his.ip.net - - [16/Jul/2000:20:21:10 -0500] "http://%a:%p/,HEAD /" 501 -


On Sat, 22 Jul 2000, Jaap wrote:

Hi,

I'm running a some Linux/apache webservers, and all of them have this
somewhere in the logs. Now I don't mind ppl. trying things,
but I would like to know what their trying.

Any ideas?

his.ip.net - - [21/May/2000:20:02:14 +0200] "http://%a:%p/,HEAD /" 403 -

Hi, i have been doin some research on format bugs and for what it looks
like it seems somebody is trying to test if apache has it, %a for
converting to hex, and %p for converting to pointer.
Of cource this is just a guess. Hope it helps.

-------------------------------------------
            bruj0 () phreaker net
        A word from our sponsor:
         /"\
         \ /     ASCII Ribbon Campaign
          X      Against HTML Mail
         / \
-------------------------------------------

Current thread:

Which webserver exploit is this? Jaap (Jul 22)
- <Possible follow-ups>
- Re: Which webserver exploit is this? The Incubus (Jul 24)
- Re: Which webserver exploit is this? Michael Cook (Jul 24)
  - Re: Which webserver exploit is this? Richard Bartlett (Jul 24)
- Re: Which webserver exploit is this? bruj0 Gandalf (Jul 25)
- Which webserver exploit is this? CLEARY Tom <Con> (Jul 25)
- Re: Which webserver exploit is this? Fredrik Ostergren (Jul 26)