Re: Strange debug output (HTTP)

[Mark Lastdrager <mark () pine nl>]

At Fri, 31 Aug 2001, incidents-return-1260-mark=nijntje.net@securityfocus.c...:

> Hi,
>
> I have written my own HTTP server and run it on my machine (of course:-)).
> The web server prints out everything it doesn't understand, and today it
> found a http header field named beavuh, and a value which I'm unable to
> understand.
>
>
> I did find that there was a site named www.beavuh.org, but that site was
> down ;-)
>
> Anyway, here is the "value" I received (all on one long line), has
> anyone seen this before?

I see this quite often in snort output, it is an exploit for the IIS5
printer vulnerability. Check http://www.whitehats.com/IDS/535 for a
complete description.

Mark Lastdrager

--
Pine Internet BV ::  tel. +31-70-3111010 ::  fax. +31-70-3111011
PGP 92BB81D1 fingerprint 0059 7D7B C02B 38D2 A853 2785 8C87 3AF1
Today's excuse: The Token fell out of the ring. Call us when you find
it.


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com