Apache buffer overflow attempt

Subject: Apache buffer overflow attempt
From: James Zuelow (e5z8652@zuelow.net)
Date: Sat Oct 12 2002 - 22:12:00 AKDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: The Alaskan Bear: "Re: Apache buffer overflow attempt"
• Previous message: Christopher Swingley: "Re: Mozilla and ssl"
• Next in thread: The Alaskan Bear: "Re: Apache buffer overflow attempt"

Here's an interesting hit that was directed at www.juneau-lug.org. I've not seen this particular type of buffer overflow in my logs before. Anyone recognise it? There were 20 attempts, all ~1 second apart according to the time stamp.

Cheers,

James

----Apache log entry

[Fri Oct 11 18:22:56 2002] [error] [client 207.33.111.34] Invalid method in request HEAD%00 /%20HTTP/1.0%0D%0A%0D%0AAccept%3A%20echgncjufwfnuwxcec/../../index.html%3fmmjdpoqufdkcwrx=/../ssrbqjfzisudziohwucbuypjhahahmclgucjbznihslzgjonzzefnqqotnadjfbufderfkhwgswagogsshkygtoesxjvltckrqndqyplbjlavc
[about 13 lines of apparently random characters stripped]

hpoifyyhtxylrdcnpqrnrcsbxyubbreqinfbavfwojasoqslxcpphnlrkvrniyln/.././ HTTP/1.0

Of the 20, they were all more or less the same except the second attempt which generated a different error:

[Fri Oct 11 18:22:57 2002] [error] [client 207.33.111.34] Invalid method in request GET%00 /%20HTTP/1.0%0D%0A%0D%0AAccept%3A%20hepevbluntodxmq/../../index.html%3frfxbheaihaysvjo=/../znxxlp [snip]

---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.

• Next message: The Alaskan Bear: "Re: Apache buffer overflow attempt"
• Previous message: Christopher Swingley: "Re: Mozilla and ssl"
• Next in thread: The Alaskan Bear: "Re: Apache buffer overflow attempt"

This archive was generated by hypermail 2a23 : Sat Oct 12 2002 - 22:09:23 AKDT