You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by Javier Koumian <ar...@movi.com.ar> on 2001/08/17 18:14:12 UTC

other/8198: Code Red Problem?

>Number:         8198
>Category:       other
>Synopsis:       Code Red Problem?
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Fri Aug 17 09:20:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     armenio@movi.com.ar
>Release:        
>Organization:
apache
>Environment:
Red Hat Linux release 6.0 (Hedwig)
Linux 2.2.18-gz2 #1 Mon Jan 15 15:12:20 ARST 2001 i686 unknown
gcc 2.95.2
>Description:
200.49.211.130 - - [16/Aug/2001:19:00:58 -0400] "GET /default.ida?XXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090
%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u
531b%u53ff%u0078%u0000%u00=a  HTTP/1.0" 404 277 "-" "-"
200.204.145.244 - - [16/Aug/2001:19:24:51 -0400] "GET /default.ida?XXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u909
>How-To-Repeat:
It occurs randomly with requests made by client web browsers on computers that have been afected by the "Code Red" worm. This problem makes the log files bigger with loose of performance on the server.    
>Fix:
noup. But there must be a way to avoid this problem (at mod_browser , mod_negotiation, or in a transaction module ... etc..)
>Release-Note:
>Audit-Trail:
>Unformatted:
 [In order for any reply to be added to the PR database, you need]
 [to include <ap...@Apache.Org> in the Cc line and make sure the]
 [subject line starts with the report component and number, with ]
 [or without any 'Re:' prefixes (such as "general/1098:" or      ]
 ["Re: general/1098:").  If the subject doesn't match this       ]
 [pattern, your message will be misfiled and ignored.  The       ]
 ["apbugs" address is not added to the Cc line of messages from  ]
 [the database automatically because of the potential for mail   ]
 [loops.  If you do not include this Cc, your reply may be ig-   ]
 [nored unless you are responding to an explicit request from a  ]
 [developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]