On 12/12/2011 08:47 AM, Galen Seitz wrote: > The following showed up in a logwatch report this morning. Should I > be concerned? The system is running CentOS 5.7. It has some static > pages under http, and squirrelmail, trac, viewvc, and other stuff > under https. I haven't touched the configuration in months, just the > normal yum updates. > > A total of 3 possible successful probes were detected (the following URLs > contain strings that match one or more of a listing of strings that > indicate a possible exploit): > > /?file=../../../../../../proc/self/environ%00 HTTP Response 200 > /?mod=../../../../../../proc/self/environ%00 HTTP Response 200 > /?page=../../../../../../proc/self/environ%00 HTTP Response 200
It should be reasonably straightforward to try going to those urls yourself and see if it works. Scott _______________________________________________ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
