https://issues.apache.org/bugzilla/show_bug.cgi?id=51603
Bug #: 51603
Summary: Apache accepts completely bogus HTTP requests (possible security hole)
Product: Apache httpd-2
Version: 2.2.19
Platform: PC
Status: NEW
Severity: major
Priority: P2
Component: Core
AssignedTo: [email protected]
ReportedBy: [email protected]
Classification: Unclassified
Here are access.log entries for strange machines (worm-infested machines?) that
hammer on my Apache server with all sorts of completely bogus HTTP requests
that are ACCEPTED by Apache. Apache apparently sends something back to the
remote end and I'd really like to know what data it is sending across the wire:
190.3.214.212 - - [02/Aug/2011:05:48:09 +0200] "F6)\xa1\xa8\x91\xb5z\x15\xb3\xfa\x19\xe0R\x16\xccIG_\x012\x80\x162\xec\xf5C1\xa7" 200 847
93.166.90.65 - - [02/Aug/2011:01:23:42 +0200] "\xc1D*\xe5/$gcin\x8a\x1f-I\x16\xf5\xf7\xa2\x97\xb8\x16B\xc7\x95\xae\x11\x99W\x80z\xb8\xa0\x03{\x87\x1e\x19\xe5\x02\x92\xb9\x84\x84" 200 847
92.40.253.152 - - [02/Aug/2011:00:33:12 +0200] "\x12`\xf1J\xc7\xb0c\x149\b\x0e\xdb\xc7\xde\xac" 200 847
213.125.79.2 - - [01/Aug/2011:17:32:04 +0200] "\xab\xf4+r\xd8\x8f6\xf2\x82\xba\x16\x1a\x8f\x1d\x037\xd7lu\x87k\x90|\x1ax\xec\xdf\xc9?\x8c\xfbjX\x96\xfe\xbe\xc2l\xf3J\xda\xd2\x87!\x94\xb1\x1c\xf2\x02p\x02\xab-\xc1\xe4`\xf7\xde" 200 847
212.183.140.13 - - [01/Aug/2011:18:25:45 +0200] "\x9a\\(|p\xb0\x9aoF\xa6]u\xaf\xb8\x84\x0e\xa9'_\xd1\xb2\xa1\x9aU\x17K\x83\xe2\xb6\x06\xfe4\x14JO\xf8\xa2\xc4\xbcBT\xb9\x93\xb9\xcf\xea\xc9\xd5" 200 847
213.125.79.2 - - [01/Aug/2011:18:46:40 +0200] "\bU?\xc0\x1ap\xce\x82_" 200 847
As far as I know, which is rather little in this particular case, Apache should
return an error whenever it encounters a malformed HTTP request.
Sincerely,
Mikael Lyngvig
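Added example (not part of the report above and not httpd's own code): a small scanner that reads Common Log Format lines like the ones quoted in the report, reverses Apache's log escaping (\xHH, \b, \" and \\ as written by the access log), and checks each request field against the HTTP request-line grammar (RFC 7230 "METHOD SP target SP HTTP/x.y", or the HTTP/0.9 "GET SP target" form). It flags every entry that is not a syntactically valid request line and counts them per client address, which is what you would run over a real access.log to find the same traffic. It generalises beyond the six quoted lines to any CLF entry; the six report lines are embedded as sample input, and the two 198.51.100.x entries, the function names and the Finding tuple are this example's own additions.

```python
"""Detect bogus request lines in an Apache access log (Common Log Format).

Added example, not code from the bug report or from httpd itself: it reverses
Apache's log escaping, then checks each request field against the HTTP
request-line grammar and reports which clients sent garbage and what status
and byte count the server logged for it.
"""
import re
from collections import Counter, namedtuple
from typing import Optional

# host ident user [time] "request" status bytes  (CLF: %h %l %u %t "%r" %>s %b)
CLF_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<bytes>-|\d+)'
)

# Apache writes \b \n \r \t \v \f, \" and \\ as C escapes and every other
# control or 8-bit byte as \xHH; undo that to recover the bytes received.
_C_ESCAPES = {'b': 0x08, 'n': 0x0a, 'r': 0x0d, 't': 0x09, 'v': 0x0b,
              'f': 0x0c, '"': 0x22, '\\': 0x5c}
_ESC_RE = re.compile(r'\\(x[0-9a-fA-F]{2}|[bnrtvf"\\])')

def unescape_log_field(field: str) -> bytes:
    """Return the raw bytes behind an escaped %r field."""
    out = bytearray()
    pos = 0
    for m in _ESC_RE.finditer(field):
        out += field[pos:m.start()].encode('latin-1')
        esc = m.group(1)
        out.append(int(esc[1:], 16) if esc[0] == 'x' else _C_ESCAPES[esc])
        pos = m.end()
    out += field[pos:].encode('latin-1')
    return bytes(out)

# RFC 7230 request-line: method (a token) SP request-target SP HTTP-version.
_TCHAR = rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]"
_TARGET = rb"[\x21-\x7e]+"          # visible ASCII, no whitespace
REQ_LINE_RE = re.compile(rb"^" + _TCHAR + rb"+ " + _TARGET + rb" HTTP/[0-9]\.[0-9]$")
# HTTP/0.9 "simple request": literally GET SP target, no version.
SIMPLE_REQ_RE = re.compile(rb"^GET " + _TARGET + rb"$")

def classify_request_line(raw: bytes) -> Optional[str]:
    """None if the request line is well-formed HTTP, otherwise a short reason."""
    if raw == b"-":                  # Apache logs "-" when no request line was read
        return None
    if not raw:
        return "empty request line"
    if REQ_LINE_RE.match(raw) or SIMPLE_REQ_RE.match(raw):
        return None
    if any(b < 0x20 or b > 0x7e for b in raw if b != 0x20):
        return "control or 8-bit bytes in request line"
    return "does not match 'METHOD SP target SP HTTP/x.y'"

Finding = namedtuple("Finding", "host status nbytes reason raw")

def scan_access_log(text: str) -> list:
    """Return a Finding for every entry whose request line is not valid HTTP."""
    findings = []
    for line in filter(None, (ln.strip() for ln in text.splitlines())):
        m = CLF_RE.match(line)
        if not m:
            findings.append(Finding(None, None, None, "unparseable log line", line))
            continue
        raw = unescape_log_field(m.group('request'))
        reason = classify_request_line(raw)
        if reason:
            findings.append(Finding(m.group('host'), int(m.group('status')),
                                    m.group('bytes'), reason, raw))
    return findings

def offenders(findings) -> Counter:
    """Count flagged entries per client address."""
    return Counter(f.host for f in findings)

# The first six entries are the ones quoted in the report (one line each);
# the last two are constructed benign entries (documentation addresses) for contrast.
SAMPLE_LOG = r"""
190.3.214.212 - - [02/Aug/2011:05:48:09 +0200] "F6)\xa1\xa8\x91\xb5z\x15\xb3\xfa\x19\xe0R\x16\xccIG_\x012\x80\x162\xec\xf5C1\xa7" 200 847
93.166.90.65 - - [02/Aug/2011:01:23:42 +0200] "\xc1D*\xe5/$gcin\x8a\x1f-I\x16\xf5\xf7\xa2\x97\xb8\x16B\xc7\x95\xae\x11\x99W\x80z\xb8\xa0\x03{\x87\x1e\x19\xe5\x02\x92\xb9\x84\x84" 200 847
92.40.253.152 - - [02/Aug/2011:00:33:12 +0200] "\x12`\xf1J\xc7\xb0c\x149\b\x0e\xdb\xc7\xde\xac" 200 847
213.125.79.2 - - [01/Aug/2011:17:32:04 +0200] "\xab\xf4+r\xd8\x8f6\xf2\x82\xba\x16\x1a\x8f\x1d\x037\xd7lu\x87k\x90|\x1ax\xec\xdf\xc9?\x8c\xfbjX\x96\xfe\xbe\xc2l\xf3J\xda\xd2\x87!\x94\xb1\x1c\xf2\x02p\x02\xab-\xc1\xe4`\xf7\xde" 200 847
212.183.140.13 - - [01/Aug/2011:18:25:45 +0200] "\x9a\\(|p\xb0\x9aoF\xa6]u\xaf\xb8\x84\x0e\xa9'_\xd1\xb2\xa1\x9aU\x17K\x83\xe2\xb6\x06\xfe4\x14JO\xf8\xa2\xc4\xbcBT\xb9\x93\xb9\xcf\xea\xc9\xd5" 200 847
213.125.79.2 - - [01/Aug/2011:18:46:40 +0200] "\bU?\xc0\x1ap\xce\x82_" 200 847
198.51.100.7 - - [02/Aug/2011:06:00:00 +0200] "GET /index.html HTTP/1.1" 200 1234
198.51.100.8 - - [02/Aug/2011:06:00:01 +0200] "GET /" 200 847
"""

if __name__ == "__main__":
    found = scan_access_log(SAMPLE_LOG)
    for f in found:
        print(f"{f.host} status={f.status} bytes={f.nbytes}: {f.reason}: {f.raw!r}")
    print("flagged per host:", dict(offenders(found)))
```

Run against the sample it flags exactly the six quoted entries (all logged as 200 with 847 bytes) and none of the two well-formed ones. Note what the scanner can and cannot tell you: the status and byte count are whatever the server wrote to the log, so it shows which clients sent malformed request lines and how the server accounted for them, but not the bytes the server actually put on the wire, which the access log does not record.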