Re: has anyone else seen this and if you have What is it?


From: Shortpier (shortpier@shortpier.is-a-geek.com)
Date: Tue Jan 28 2003 - 12:02:38 AKST


James Zuelow wrote:

>On Tue, 28 Jan 2003 16:24:55 -0900 (AKST)
>"Mike Tibor" <tibor@lib.uaa.alaska.edu> wrote:
>
>>Not that I know of. I've got a few of the same in the access_log of
>>one of my servers. I think it's either a script used to grab HTTP
>>headers (server type/version, OS, whatever), or possibly something
>>designed to examine how a server handles 404 errors (whether the
>>canned apache error is used, or a custom error page, etc.). Either
>>way, the danger to your system is probably extremely low.
>
>IIRC the Apache chunked encoding exploit does this as a first step.
>The exploit code is different for different platforms (OpenBSD, Linux,
>etc.) so it grabs the headers. If it is a vulnerable combination of
>OS/Apache, the exploit proceeds. If not, it exits. If someone put it
>into a script that tries a given IP multiple times, you might see it
>more than once.
>
>(Or I could be completely wrong.)
>
>Cheers,
>
>James
>
>---------
>To unsubscribe, send email to <aklug-request@aklug.org>
>with 'unsubscribe' in the message body.
>
>
Thanks... Time to make sure I'm patched up to current.

Shortpier


This archive was generated by hypermail 2a23 : Tue Jan 28 2003 - 21:08:00 AKST