www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Glenn Fleishman <gl...@glenns.org>
Subject other/5816: new attack pattern using long cookies?
Date Mon, 28 Feb 2000 01:06:43 GMT

>Number:         5816
>Category:       other
>Synopsis:       new attack pattern using long cookies?
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          support
>Submitter-Id:   apache
>Arrival-Date:   Sun Feb 27 17:10:00 PST 2000
>Closed-Date:
>Last-Modified:
>Originator:     glenn@glenns.org
>Release:        1.3.9
>Organization:
apache
>Environment:
RedHat 6.1, gcc latest version
>Description:
I noticed a very long cookie in a recent user request. I'm wondering if this is  a new attack
pattern and whether Apache is secure against it:

www.joyofpi.com 193.115.251.70 - - [27/Feb/2000:17:00:42 -0800] "GET / HTTP/1.0" 200 - "-"
"Mozilla/4.0 (compatible; MSIE 4.0; Windows 95)" "ASPSESSIONIDGQGQQHGJ=BPFJOJFABOACGJAAAKGKOPPF;
VisID=193.115.251.70.19965951688643998; Apache=193.115.251.70.10052.951688618.392; ASPSESSIONIDQQQQGGAB=INFCPFGBFCKJPDINKDAPIBIM;
RMID=c173fb4638b99d60; SITESERVER=ID=04fd3ec7a1b730ac60154523f65c08f3; ASPSESSIONIDQQGGGHRM=LPNFCDFDDNLCMGLGEIGFBEJA;
ASPSESSIONIDQGQGGGFY=BMOHEPACLJJMELCFHBEFCBBD; ASPSESSIONIDQQGGGRRQ=CNHJPMIDEBILFGFHGCGPEGCI;
WEBTRENDS_ID=193.115.251.70-3914068400.29327725; ASPSESSIONIDQGGGGGBT=FDIDFHDDAMJILFMMEEJPIEDE;
ASPSESSIONIDGGGQGHXH=BJAIPMKAIPMCOJFMADGMFNPP; INTERSE=193.115.251.708596951688990940; IRATEsession=IRATEsession;
ASPSESSIONIDGQQQQQCX=HKNBOCMCHGPGJBLJLFPNKKKP; ASPSESSIONIDQQQQGHWO=EAIJEAHABMMJJDBMGFNJIGOM;
ASPSESSIONIDGGQQGGDJ=CDFEJIPAJHNMBHDKBJMGNAHJ; ASPSESSIONIDGGQQGQYE=BIMJFOBABACCIAJFGGHEDDJD;
ASPSESSIONIDQGGQQGAA=MGABFFKCIEMGIJMFFBFMCNJE; ASPSESSIONIDGQQQQQDF=FKMHFFBDGFHEGGADBHLKEKNF;
ASPSESSIONIDQGGQGQBW=NLBFOCHDIDAMKLCIHBNABNAK; ASPSESSIONIDGQGQQGYB=HPPNCNKBCCBBEGLGFHNHNMHO;
ASPSESSIONID=TZVAUQXHIDUKUHJZ; ASPSESSIONIDQGGQGGAL=POJHNKICEIKIAAFLKGJLHDIG; AccipiterId=0023844a*Def;
ASPSESSIONIDGQGQQGYT=NIFNNEBDCDNGAJJAGPDEFMKE; ASPSESSIONIDGQGGGGCJ=MGJDBPAABMPNNIGIBGJFILIO;
EGSOFT_ID=193.115.251.70-4264881104.29327726; ASPSESSIONIDGGGGQGLR=PIBMCLHCOLJPBLCEDDNKEAJM;
ASPSESSIONIDQGGQQQAC=LLBAHGKDKDKOMMPIHNKNCEDE; ASPSESSIONIDQQGGQQLP=JKKFGOGANPGACAMFGMPFCMIC;
ASPSESSIONIDGQGGQQDC=KMELFLJDHDLPHAENJHNNDEDF; ASPSESSIONIDGQGQQQKN=NJPFHLKDOFDHOEGOFLLHIKMC;
IPCLog=193%2E115%2E251%2E70%3A2%2F27%2F00; ASPSESSIONIDGGGQGGKX=PJLAEOLAAHAJLBDNHBPOCGJD;
ASPSESSIONIDGQQGQGEX=NOOHJKACDNOIONIGAAPHDEEE; CFTOKEN=20375; CFID=1614275; NGUserID=d1433e1a-149-951689984-1;
ASPSESSIONIDQQGQGHRB=EFCFIEIDPKPBFHJBKLABNJMB; TIG1=19310867oi951689482000; ASPSESSIONIDGGQQGQCB=LMGNAAKDEKIGDNOGHLDOFINL;
ASPSESSIONIDQQGQQQAS=HNAAJDCDEMJIDMGJCANCJJCE; ASPSESSIONIDQGQQQQDD=MIPJKBIAGEBJHPCCHLOJNPKF;
ASPSESSIONIDGGGGGQAX=GHCMEMICEEGABCHDLNMGAMHE; ASPSESSIONIDQQGQGHMK=BNFADACALOAPEAFLEPGAFBMC;
ASPSESSIONIDQGQGQRPQ=AJKPPLMALHIEAGHEKJDKBDNM; ASPSE"
>How-To-Repeat:

>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted:
 [In order for any reply to be added to the PR database, you need]
 [to include <apbugs@Apache.Org> in the Cc line and make sure the]
 [subject line starts with the report component and number, with ]
 [or without any 'Re:' prefixes (such as "general/1098:" or      ]
 ["Re: general/1098:").  If the subject doesn't match this       ]
 [pattern, your message will be misfiled and ignored.  The       ]
 ["apbugs" address is not added to the Cc line of messages from  ]
 [the database automatically because of the potential for mail   ]
 [loops.  If you do not include this Cc, your reply may be ig-   ]
 [nored unless you are responding to an explicit request from a  ]
 [developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]
 
 


Mime
View raw message