What was the full URI ? Are you sure it wasn't some box infected with
Code Red II or the like ?
On a side note, how could this vulnerability yeild a root shell when
apache isn't/shouldn't be running as root.
-Blake
On 1 Feb 2002, Russell Fulton wrote:
> On Fri, 2002-02-01 at 10:30, Russell Fulton wrote:
>
> >
> > Hmmm.... we saw an attack two days ago against an apache server which
> > consisted of GETs and POST followed by long strings of Xs followed by shell
> > code.
>
> I have just got the logs from the admin and I find I lied, no shell code
> was logged by apache, just the long string of 'X'S (about 8186 of them).
> So either there was no shell code or apache truncated the string when it
> logged it.
>
> Apologies for the confusion.
>
> --
> Russell Fulton, Computer and Network Security Officer
> The University of Auckland, New Zealand
>
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
>
>
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
Received on Feb 01 2002
Intro
