Date: Thu, 9 Aug 2001 12:35:21 +0200 (CEST)
From: Claude Buisson <ubc@paris.framatome.fr>
To: "Nickolay A.Kritsky" <nkritsky@internethelp.ru>
Cc: Robin Smith <rasmith@aristotle.tamu.edu>, <freebsd-security@FreeBSD.ORG>
Subject: Re[2]: should I concerned?
Message-ID: <20010809123052.U4026-100000@eve.framatome.fr>
In-Reply-To: <7690233759.20010809142523@internethelp.ru>

On Thu, 9 Aug 2001, Nickolay A.Kritsky wrote:

> Hello Robin,
>
> Thursday, August 09, 2001, 5:34:34 AM, you wrote:
>
> >>>>>> "faSty" == faSty <fasty@i-sphere.com> writes:
>
> RS> faSty> Hi guys, I noticed the httpd's log (errors and access),
> RS> faSty> someone tried to exploit the security hole on apache webserver
> RS> faSty> and I don't know what this is.
>
> RS> faSty> my webserver apache version is
>
> RS> faSty> Server version: Apache/1.3.19 (Unix) Server built: May 17
> RS> faSty> 2001 20:14:06
>
> RS> faSty> [08/Aug/2001:14:39:03 -0700]
> RS> faSty>
> RS> "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
>
> RS> Relax: this is Code Red's signature (though the filler is X instead of
> RS> N: is this Son of Code Red?). You're running apache, not IIS.
>
> I have thought that Code Red exploit string must begin with
> "/default.idq"
> Was I wrong?
>

I have seen a few of these starting from August 6, amidst a flow of
"standard" GET /default.ida?NNNNNNNN... and GET /default.ida?XXXXXXX...

Is Code Red II bugged?

> RS> Robin Smith
>
> RS> To Unsubscribe: send mail to majordomo@FreeBSD.org
> RS> with "unsubscribe freebsd-security" in the body of the message
>
> ;-------------------------------------------
> ; NKritsky
> ; SysAdmin InternetHelp.Ru
> ; http://www.internethelp.ru
> ; mailto:nkritsky@internethelp.ru
>

Claude Buisson
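
As an added example (not part of the original thread), a small log classifier that separates the request forms mentioned in the messages above: `/default.ida?` with N filler, `/default.ida?` with X filler, and the filler-plus-`%u` string with no path in front of it. The log lines are constructed, and the function names and thresholds (32 filler characters, 4 encoded words) are assumptions.

```python
import re
from collections import Counter

# A long run of one repeated letter followed directly by %uXXXX-encoded words.
# The minimum lengths (32 filler chars, 4 words) are assumptions chosen to
# avoid matching ordinary URLs.
PROBE = re.compile(r'(?P<filler>([A-Za-z])\2{31,})(?P<enc>(?:%u[0-9a-fA-F]{4}){4,})')

def classify(line):
    """Return details of a filler-plus-%u probe in a log line, or None."""
    m = PROBE.search(line)
    if m is None:
        return None
    return {
        "filler": m.group(2),                       # the repeated character
        "filler_len": len(m.group("filler")),
        "encoded_words": len(m.group("enc")) // 6,  # each %uXXXX is 6 chars
        # True when the filler directly follows the /default.ida? path
        "ida_path": line[:m.start()].endswith("/default.ida?"),
    }

def summarize(lines):
    """Count probes by (request form, filler character)."""
    counts = Counter()
    for line in lines:
        hit = classify(line)
        if hit:
            form = "default.ida" if hit["ida_path"] else "no-path"
            counts[(form, hit["filler"])] += 1
    return counts

# Constructed sample lines (addresses, sizes and filler lengths are made up;
# the %u words are the first four from the log line quoted in the thread).
ENC = "%u9090%u6858%ucbd3%u7801"
SAMPLE = [
    '192.0.2.10 - - [06/Aug/2001:10:00:01 -0700] "GET /default.ida?'
    + "N" * 200 + ENC + ' HTTP/1.0" 404 205',
    '192.0.2.11 - - [06/Aug/2001:10:02:17 -0700] "GET /default.ida?'
    + "X" * 200 + ENC + ' HTTP/1.0" 404 205',
    '192.0.2.12 - - [08/Aug/2001:14:39:03 -0700] "' + "X" * 120 + ENC + '" 400 -',
    '192.0.2.13 - - [08/Aug/2001:14:40:00 -0700] "GET /index.html HTTP/1.0" 200 1043',
]

if __name__ == "__main__":
    for (form, filler), n in sorted(summarize(SAMPLE).items()):
        print(f"{form:12s} filler={filler} count={n}")
```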