On 12/13/2011 7:12 PM, Yehuda Katz wrote:
On Tue, Dec 13, 2011 at 9:50 PM, Knute Johnson <apa...@knutejohnson.com
<mailto:apa...@knutejohnson.com>> wrote:
This showed up in my log today on a Ubuntu server with Apache 2.2.17.
A total of 3 possible successful probes were detected (the following
URLs
contain strings that match one or more of a listing of strings that
indicate a possible exploit):
/?file=../../../../../../proc/__self/environ%00 HTTP Response 200
/?mod=../../../../../../proc/__self/environ%00 HTTP Response 200
/?page=../../../../../../proc/__self/environ%00 HTTP Response 200
This can't actually return any data can it?
It should not return any data from Apache itself.
It will do something if you have an application set up that chooses what
file to display based on the query string.
- Y
Thanks. Is there some kind of application that stores data at these
locations normally? Some days I get hundreds of peculiar looking failed
requests that I thought might be attacking some program that interfaces
with apache.
Lately I've been getting a bunch of requests for null files, hundreds of
them.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org