[20213] in bugtraq
Re: Apache Win32 8192 chars string bug: LOG FILES EMPTY
daemon@ATHENA.MIT.EDU (Auriemma Luigi)
Mon Apr 16 03:17:12 2001
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID: <Pine.WNT.4.33.0104160028540.996-100000@ect004>
Date: Mon, 16 Apr 2001 00:44:38 +0200
Reply-To: Auriemma Luigi <kaino3@GENIE.IT>
From: Auriemma Luigi <kaino3@GENIE.IT>
To: BUGTRAQ@SECURITYFOCUS.COM
I have forgotten the most important effect of the bug.
Apache don't register the attacker's request in the log files
(access and error DON'T report the string, the error or other information
about the event). This is very useful for the attacker for run remote
commands or open idle connections without the danger of be logged.
