Security Incidents: Re: Strange debug output (HTTP)

From: Mark Lastdrager <mark_at_pine.nl>
Date: Sat, 1 Sep 2001 20:04:28 +0200 (MET DST)

At Fri, 31 Aug 2001, incidents-return-1260-mark=nijntje.net_at_securityfocus.c...:

>Hi,
>
>I have written my own HTTP server and run it on my machine (of course:-)).
>The web server prints out everything it doesn't understand, and today it
>found an HTTP header field named beavuh, and a value which I'm unable to
>understand.
>
>
>I did find that there was a site named www.beavuh.org, but that site was
>down ;-)
>
>Anyway, here is the "value" I received (all on one long line), has
>anyone seen this before?

I see this quite often in Snort output; it is an exploit for the IIS5
printer vulnerability. Check http://www.whitehats.com/IDS/535 for a
complete description.

Mark Lastdrager

--
Pine Internet BV ::  tel. +31-70-3111010 ::  fax. +31-70-3111011
PGP 92BB81D1 fingerprint 0059 7D7B C02B 38D2 A853 2785 8C87 3AF1
Today's excuse: The Token fell out of the ring. Call us when you find
it.
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Received on Sep 02 2001