Date:      Thu, 9 Aug 2001 12:35:21 +0200 (CEST)
From:      Claude Buisson <ubc@paris.framatome.fr>
To:        "Nickolay A.Kritsky" <nkritsky@internethelp.ru>
Cc:        Robin Smith <rasmith@aristotle.tamu.edu>, <freebsd-security@FreeBSD.ORG>
Subject:   Re[2]: should I concerned?
Message-ID:  <20010809123052.U4026-100000@eve.framatome.fr>
In-Reply-To: <7690233759.20010809142523@internethelp.ru>



On Thu, 9 Aug 2001, Nickolay A.Kritsky wrote:

> Hello Robin,
>
> Thursday, August 09, 2001, 5:34:34 AM, you wrote:
>
> >>>>>> "faSty" == faSty  <fasty@i-sphere.com> writes:
>
> RS>     faSty> Hi guys, I noticed the httpd's log (errors and access),
> RS>     faSty> someone tried to exploit the security hole on apache webserver
> RS>     faSty> and I don't know what this is.
>
> RS>     faSty> my webserver apache version is
>
> RS>     faSty> Server version: Apache/1.3.19 (Unix) Server built: May 17
> RS>     faSty> 2001 20:14:06
>
> RS>     faSty> [08/Aug/2001:14:39:03 -0700]
> RS>     faSty>
> RS> "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
>
> RS> Relax: this is Code Red's signature (though the filler is X instead of
> RS> N: is this Son of Code Red?).  You're running apache, not IIS.
>
> I have thought that Code Red exploit string must begin with
> "/default.idq"
> Was I wrong?
>

I have seen a few of these starting from August 6, amidst a flow of
"standard" GET /default.ida?NNNNNNNN... and GET /default.ida?XXXXXXX...
Is Code Red II bugged?


> RS> Robin Smith
>
> RS> To Unsubscribe: send mail to majordomo@FreeBSD.org
> RS> with "unsubscribe freebsd-security" in the body of the message
>
>
>
>
> ;-------------------------------------------
> ; NKritsky
> ; SysAdmin InternetHelp.Ru
> ; http://www.internethelp.ru
> ; mailto:nkritsky@internethelp.ru
>

Claude Buisson


Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010809123052.U4026-100000>
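
The log triage discussed in this thread, as an added example that is not code from any of the posters: it separates the usual GET /default.ida? requests from those that open directly with the filler, and records whether the filler is N or X. The regex thresholds, function names and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Tail copied from the start of the log line quoted in the thread.
TAIL = "%u9090%u6858%ucbd3%u7801"
# A long run of one filler character (N or X) followed by %uXXXX words.
SIG = re.compile(r"(N{20,}|X{20,})(?:%u[0-9a-fA-F]{4}){3,}")
# Request field of a common/combined-format access log line; the closing
# quote is optional because the line quoted in the thread has none.
REQUEST = re.compile(r'\]\s+"([^"]*)')
IDA = re.compile(r"GET\s+/default\.ida\?", re.IGNORECASE)


def classify(line):
    """Return (filler, shape) for a line carrying the signature, else None.

    shape is 'default.ida' for the usual GET /default.ida? request, 'bare'
    when the filler opens the request with no method or path, and 'other'
    for anything else.
    """
    m = REQUEST.search(line)
    req = m.group(1) if m else line
    sig = SIG.search(req)
    if sig is None:
        return None
    if IDA.match(req):
        shape = "default.ida"
    elif sig.start() == 0:
        shape = "bare"
    else:
        shape = "other"
    return sig.group(1)[0], shape


def summarize(lines):
    """Count matching lines per (filler, shape) pair."""
    return Counter(c for c in map(classify, lines) if c is not None)


# Constructed sample lines (documentation addresses, made-up status codes).
SAMPLE = [
    '192.0.2.10 - - [06/Aug/2001:10:00:01 +0200] "GET /default.ida?' + "N" * 224 + TAIL + ' HTTP/1.0" 404 205',
    '192.0.2.11 - - [06/Aug/2001:10:02:17 +0200] "GET /default.ida?' + "X" * 224 + TAIL + ' HTTP/1.0" 404 205',
    '192.0.2.12 - - [06/Aug/2001:10:05:40 +0200] "' + "X" * 111 + TAIL + '" 400 -',
    '192.0.2.13 - - [06/Aug/2001:10:06:02 +0200] "GET /index.html HTTP/1.0" 200 1043',
]

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE).items()):
        print(key, n)
```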