[PLUG] possible successful probes were detected ?
Galen Seitz
galens at seitzassoc.com
Mon Dec 12 16:47:07 UTC 2011
The following showed up in a logwatch report this morning. Should I
be concerned? The system is running CentOS 5.7. It has some static
pages under http, and squirrelmail, trac, viewvc, and other stuff
under https. I haven't touched the configuration in months, just the
normal yum updates.
A total of 3 possible successful probes were detected (the following URLs
contain strings that match one or more of a listing of strings that
indicate a possible exploit):
/?file=../../../../../../proc/self/environ%00 HTTP Response 200
/?mod=../../../../../../proc/self/environ%00 HTTP Response 200
/?page=../../../../../../proc/self/environ%00 HTTP Response 200
thanks,
galen
--
Galen Seitz
galens at seitzassoc.com
More information about the PLUG
mailing list