On 12/13/2011 7:12 PM, Yehuda Katz wrote:
On Tue, Dec 13, 2011 at 9:50 PM, Knute Johnson <apa...@knutejohnson.com> wrote:

    This showed up in my log today on an Ubuntu server with Apache 2.2.17.

    A total of 3 possible successful probes were detected (the following
    URLs contain strings that match one or more of a listing of strings
    that indicate a possible exploit):

        /?file=../../../../../../proc/__self/environ%00 HTTP Response 200
        /?mod=../../../../../../proc/__self/environ%00 HTTP Response 200
        /?page=../../../../../../proc/__self/environ%00 HTTP Response 200

    This can't actually return any data, can it?


It should not return any data from Apache itself.
It will do something if you have an application set up that chooses what
file to display based on the query string.

- Y

Thanks. Is there some kind of application that stores data at these locations normally? Some days I get hundreds of peculiar-looking failed requests that I thought might be attacking some program that interfaces with Apache.

Lately I've been getting a bunch of requests for null files, hundreds of them.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
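
One way to triage hits like the three above, as an added example that is not part of the original thread: it flags requests whose decoded query string contains a traversal sequence or NUL byte, then compares each probe's response size with the size of ordinary responses for the same path. The log lines, client addresses, `/view.php`, `/old/` and all byte counts are constructed for illustration; the size comparison is a heuristic, not proof.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Apache common/combined log prefix: client, method, target, status, body size.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+|-)')

# Constructed sample log; clients, /view.php, /old/ and sizes are invented.
SAMPLE_LOG = """\
198.51.100.4 - - [13/Dec/2011:09:01:10 -0800] "GET / HTTP/1.1" 200 4523
203.0.113.7 - - [13/Dec/2011:09:14:02 -0800] "GET /?file=../../../../../../proc/__self/environ%00 HTTP/1.1" 200 4523
203.0.113.7 - - [13/Dec/2011:09:14:03 -0800] "GET /?mod=../../../../../../proc/__self/environ%00 HTTP/1.1" 200 4523
203.0.113.7 - - [13/Dec/2011:09:14:03 -0800] "GET /view.php?page=../../../../../../proc/__self/environ%00 HTTP/1.1" 200 912
203.0.113.7 - - [13/Dec/2011:09:14:04 -0800] "GET /old/?page=../../../../../../proc/__self/environ%00 HTTP/1.1" 404 289
198.51.100.4 - - [13/Dec/2011:09:20:00 -0800] "GET /view.php?page=about HTTP/1.1" 200 3101
"""

def is_probe(target):
    """True if the decoded query string holds a traversal sequence or a NUL byte."""
    query = unquote(urlsplit(target).query)
    return "../" in query or "\x00" in query

def triage(log_text):
    """Return (client, path, status, verdict) for every probe request in the log."""
    rows = [m.groups() for m in map(LINE.match, log_text.splitlines()) if m]
    baseline = defaultdict(set)  # path -> body sizes seen on ordinary 200 responses
    for _, _, target, status, size in rows:
        if status == "200" and not is_probe(target):
            baseline[urlsplit(target).path].add(size)
    findings = []
    for client, _, target, status, size in rows:
        if not is_probe(target):
            continue
        path = urlsplit(target).path
        if status != "200":
            verdict = "rejected"   # no 200 body was served for the probe
        elif size in baseline[path]:
            verdict = "ignored"    # same size as the normal page: parameter likely unused
        else:
            verdict = "review"     # 200 with an unfamiliar size: inspect the handler
        findings.append((client, path, status, verdict))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding)
```

A "review" verdict only means the response differed from the known-good size for that path; pages whose size varies per request will land there too and need a manual look at what the handler does with the parameter.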
