Security Incidents mailing list archives
vulnerability in glocation.cgi?
From: Christine Kronberg <Christine_Kronberg () genua de>
Date: Thu, 8 Jan 2004 19:18:21 +0100 (CET)
Hi,

I just checked my private webserver and found several attempts to perform an "ls -la" via glocation.cgi. I never had such a CGI on my server. I googled, but all I found was a hint that this problem may have occurred sometime in August 2003. I found nothing at SecurityFocus.

These attempts are coming from various IPs every couple of minutes, starting with:

x.x.x.x - - [08/Jan/2004:17:06:42 +0100] "GET /cgi-bin/glocation.cgi?g=ls%20-la HTTP/1.1" 404 1100 "-" "-"

The funny thing is that the target is a virtual webserver. The main server does not get this kind of stuff.

Does anyone observe the same? Any hints for more information?

Cheers,
Chris.
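An added example, not part of the original post: one way to sweep an access log for requests like the one quoted above, grouping them by script path and source address and separating probes that only ever got 404 from ones that got any other status. The sample log lines, the function names and the list of command names are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in Apache combined log format; the addresses are
# documentation ranges, not the sources seen in the post.
SAMPLE_LOG = """\
192.0.2.10 - - [08/Jan/2004:17:06:42 +0100] "GET /cgi-bin/glocation.cgi?g=ls%20-la HTTP/1.1" 404 1100 "-" "-"
198.51.100.7 - - [08/Jan/2004:17:09:03 +0100] "GET /cgi-bin/glocation.cgi?g=ls%20-la HTTP/1.1" 404 1100 "-" "-"
203.0.113.5 - - [08/Jan/2004:17:10:11 +0100] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
192.0.2.10 - - [08/Jan/2004:17:12:50 +0100] "GET /cgi-bin/search.cgi?q=firewall+logs HTTP/1.1" 200 2048 "-" "Mozilla/4.0"
"""

# Client address, request target and status of one combined-format line.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                     r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
# Assumption: a parameter value that begins with a common shell command
# is treated as a command-execution probe (a heuristic, expect some noise).
SHELL_RE = re.compile(r'^\s*(ls|id|cat|uname|whoami|echo)\b')

def find_cgi_probes(log_text):
    """Group suspicious /cgi-bin/ requests by script path."""
    probes = defaultdict(lambda: {"ips": set(), "hits": 0, "statuses": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        url = urlsplit(m.group("target"))
        if not url.path.startswith("/cgi-bin/"):
            continue
        # parse_qsl percent-decodes, so "ls%20-la" is inspected as "ls -la".
        values = [v for _, v in parse_qsl(url.query, keep_blank_values=True)]
        if any(SHELL_RE.match(v) for v in values):
            entry = probes[url.path]
            entry["ips"].add(m.group("ip"))
            entry["hits"] += 1
            entry["statuses"].add(int(m.group("status")))
    return dict(probes)

def needs_followup(probe):
    """True if any probe got a status other than 404 (the script may exist)."""
    return probe["statuses"] != {404}

if __name__ == "__main__":
    for path, p in find_cgi_probes(SAMPLE_LOG).items():
        flag = "INVESTIGATE" if needs_followup(p) else "404 only"
        print(f"{path}: {p['hits']} hits from {len(p['ips'])} IPs ({flag})")
```

Run per virtual host log, this shows whether the probes are confined to one vhost, as described in the post, and whether any request reached an existing script.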