You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2002/08/26 23:01:55 UTC

DO NOT REPLY [Bug 12054] New: - My Money count in the access.log !!!

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12054>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12054

My Money count in the access.log !!!

           Summary: My Money count in the access.log !!!
           Product: Apache httpd-2.0
           Version: 2.0.35
          Platform: PC
        OS/Version: Windows NT/2K
            Status: NEW
          Severity: Major
          Priority: Other
         Component: All
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: rouxdenis@wanadoo.fr


I have an apache server running on my PC.
This is what I found in the log file :

80.15.34.172 - - [24/Aug/2002:12:31:53 +0100] "GET /scripts/..%
252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 263

Just before the full edition of my count in text edition.
Every page was listed.

I have no /scripts directory on my server, it seems that kind of attack
was not risky for an Apache server...
Or maybe was it just a bug, the page printed on screen ended down it his file?

Does someone know what it is?

Thanks

DEN

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org