Re: Apache Win32 8192 chars string bug: LOG FILES EMPTY

From: Auriemma Luigi (kaino3at_private)
Date: Sun Apr 15 2001 - 15:44:38 PDT

Next message: fish stiqz: "Remote BSD ftpd glob exploit"

Previous message: Pablo Ruiz Garcia: "Re: Reliant Unix 5.43 / 5.44 ICMP port unreachable problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I have forgotten the most important effect of the bug.
Apache don't register the attacker's request in the log files
(access and error DON'T report the string, the error or other information
about the event). This is very useful for the attacker for run remote
commands or open idle connections without the danger of be logged.

Next message: fish stiqz: "Remote BSD ftpd glob exploit"
Previous message: Pablo Ruiz Garcia: "Re: Reliant Unix 5.43 / 5.44 ICMP port unreachable problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Apr 16 2001 - 00:16:37 PDT