https://issues.apache.org/bugzilla/show_bug.cgi?id=56234
Bug ID: 56234
Summary: Nominally nonexistent HTTP COOK method works
Product: Apache httpd-2
Version: 2.2.15
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: All
Assignee: [email protected]
Reporter: [email protected]
Lines of the following form are appearing in my web server logs:
2.191.186.215 - - [07/Mar/2014:03:07:48 -0500] "COOK
/comp/150NET/notes/service-old.php HTTP/1.0" 200 29437 "-" "Mozilla/4.0
(compatible; Synapse)"
I can find no documentation on the COOK method. Near as I can tell, the COOK
method doesn't exist. However, it works in Apache 2.2.15 (as shipped by Red
Hat on RHEL 6), and seems to behave identically to the GET method.
Why does the COOK method exist, what (if anything) does it do that is different
from GET, and how can I turn it off? (My server is already restricted to
GET/HEAD, POST, and OPTIONS, so unless COOK is tied to one of those three, it
already shouldn't work.)
The widespread sources of the COOK requests I'm seeing makes me think that the
requestors are all bots of some sort, and likely scanning for vulnerabilities.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
