Hey ppl,
In our logs i've seen a couple of odd webdav requests and I'm wondering if it's an exploit or something that i'm not aware off. I did a few searches but came up empty. The only exploits/problems I could find have to do with an extra long SEARCH request. But nothing like this.
Here's a line from our logs:
What worries me is the %s. This should be the host: header and it smells like a formatstring exploit of some kind. The thing is that this request seems to crash our software. I'd like to verify this so I can inform our supplier of the software about this problem.Code:xxx.xxx.xxx.xxx %s - [10/Jul/2003:12:07:52 +0200] "SEARCH / HTTP/1.1" 501 304 "-" "-""-"
Anybody know of a scanprogram and/or exploit that generates requests like this?
Reply With Quote