[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Odd log code

Subject: Re: [cobalt-users] Odd log code
From: Phoenix Hawk <phawk@xxxxxxxxxxxxxxx>
Date: Sat Apr 7 01:31:40 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

On Sat, 7 Apr 2001, Rodrigo Velasco wrote:

> Hi again,
>
> I've found the following lines in my last log from my Cobalt4i, I don't
> really know if it means something important, but looks to me how somebody
> was trying to use a sort of script on my server:
>
> ns.mydomain.com 207.175.129.160 - - [07/Apr/2001:06:50:01 -0400] "GET
> /scripts/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af/wi
> nnt/system32/cmd.exe?/c%20dir HTTP/1.0" 302 308 "-" "-"

  it's an IIS (Internet Information Server) vulnerability. some kiddie
  trying his/her luck on your webserver.

http://www.securityfocus.com/frames/?content=/vdb/bottom.html%3Fvid%3D1912
(click on the "exploit" tab)

  shouldn't be a problem for your cobalt, unless...
  you've IIS and NT running on it :P

  regards.

Follow-Ups:
- RE: [cobalt-users] Odd log code
  - From: Dan Kriwitsky

References:
- [cobalt-users] Odd log code
  - From: Rodrigo Velasco

Prev by Date: [cobalt-users] Re: New Linux worm 'Adore' makes its appearance
Next by Date: RE: [cobalt-users] Re: aspiring moderators
Previous by thread: [cobalt-users] Odd log code
Next by thread: RE: [cobalt-users] Odd log code

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index