[9173] in bugtraq
Re: [NTSEC] IIS 4 Request Logging Security Advisory
daemon@ATHENA.MIT.EDU (Information Services)
Fri Jan 22 14:07:22 1999
Date: Fri, 22 Jan 1999 08:13:29 -0400
Reply-To: Information Services <omigosh@CARIBSURF.COM>
From: Information Services <omigosh@CARIBSURF.COM>
X-To: ntsecurity@iss.net, ntbugtraq@listserv.ntbugtraq.com
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <007001be45f7$779a6b80$98cfd6cd@greeble>
Hi David:
I tried the AVOID.EXE from my Win98 PC and pointed it at my
www.spiceisle.com webserver, which is running NT4/IIS3/SP4 with the IIS=
GET
hotfix.
The following was reported in the IIS log file:
nnn.nnn.nnn.nnn,-,22/01/99,07:57:37,W3SVC,WWW,205.214.207.98,401,10183,=
101,4
00,0,-,-,-,
where nnn.nnn.nnn is the IP address of my workstation.
AVOID.EXE returned the following information in the DOS window that I r=
an it
from:
C:\download>avoid www.spiceisle.com
HTTP/1.0 400 Bad Request
Content-Type: text/html
<body><h1>HTTP/1.0 400 Bad Request
</h1></body>=95c
HTTP/1.0 400 Bad Request
Content-Type: text/html
<body><h1>HTTP/1.0 400 Bad Request
</h1></body>=95c
Looks like the server's safe once SP4 and the IIS GET hotfix are loaded=
.
HTH,
Brian Steele
