The following showed up in a logwatch report this morning. Should I
be concerned? The system is running CentOS 5.7. It has some static
pages under http, and squirrelmail, trac, viewvc, and other stuff
under https. I haven't touched the configuration in months, just the
normal yum updates.
A total of 3 possible successful probes were detected (the following URLs
contain strings that match one or more of a listing of strings that
indicate a possible exploit):
/?file=../../../../../../proc/self/environ%00 HTTP Response 200
/?mod=../../../../../../proc/self/environ%00 HTTP Response 200
/?page=../../../../../../proc/self/environ%00 HTTP Response 200
thanks,
galen
--
Galen Seitz
[email protected]
_______________________________________________
PLUG mailing list
[email protected]
http://lists.pdxlinux.org/mailman/listinfo/plug
