httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Issac Goldstand <mar...@beamartyr.net>
Subject Re: [users@httpd] Exploit?
Date Mon, 19 Nov 2012 05:45:46 GMT
not sure what it thinks its matching but both of those urls will return 
200 with the homepage on a static site...

Sent from my mobile.  Please excuse any typos, spelling or other weirdness.


Sent with AquaMail for Android
http://www.aqua-mail.com


On November 19, 2012 4:39:58 AM Knute Johnson <apache@knutejohnson.com> wrote:
>   A total of 2 possible successful probes were detected (the following
> URLs contain strings that match one or more of a listing of strings that
>   indicate a possible exploit):
>
>      /?mod=../../../../../../../../proc/self/environ%00 HTTP Response 200
>      /?page=../../../../../../../../proc/self/environ%00 HTTP Response 200
>
>
> Above showed up in my log this morning.  Anybody know what the exploit
> could be and how one can prevent this?
>
> Thanks,
>
> knute...
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message