httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 56234] New: Nominally nonexistent HTTP COOK method works
Date Fri, 07 Mar 2014 20:52:05 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=56234

            Bug ID: 56234
           Summary: Nominally nonexistent HTTP COOK method works
           Product: Apache httpd-2
           Version: 2.2.15
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: All
          Assignee: bugs@httpd.apache.org
          Reporter: mjbauer@eecs.tufts.edu

Lines of the following form are appearing in my web server logs:

2.191.186.215 - - [07/Mar/2014:03:07:48 -0500] "COOK
/comp/150NET/notes/service-old.php HTTP/1.0" 200 29437 "-" "Mozilla/4.0
(compatible; Synapse)"

I can find no documentation on the COOK method.  Near as I can tell, the COOK
method doesn't exist.  However, it works in Apache 2.2.15 (as shipped by Red
Hat on RHEL 6), and seems to behave identically to the GET method.

Why does the COOK method exist, what (if anything) does it do that is different
from GET, and how can I turn it off?  (My server is already restricted to
GET/HEAD, POST, and OPTIONS, so unless COOK is tied to one of those three, it
already shouldn't work.)

The widespread sources of the COOK requests I'm seeing makes me think that the
requestors are all bots of some sort, and likely scanning for vulnerabilities.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message