Did you try it yourself? On Dec 14, 2011 1:50 PM, "Knute Johnson" <[email protected]> wrote:
> This showed up in my log today on a Ubuntu server with Apache 2.2.17. > > A total of 3 possible successful probes were detected (the following URLs > contain strings that match one or more of a listing of strings that > indicate a possible exploit): > > /?file=../../../../../../proc/**self/environ%00 HTTP Response 200 > /?mod=../../../../../../proc/**self/environ%00 HTTP Response 200 > /?page=../../../../../../proc/**self/environ%00 HTTP Response 200 > > This can't actually return any data can it? > > Thanks, > > knute... > > ------------------------------**------------------------------**--------- > The official User-To-User support forum of the Apache HTTP Server Project. > See > <URL:http://httpd.apache.org/**userslist.html<http://httpd.apache.org/userslist.html>> > for more info. > To unsubscribe, e-mail: > users-unsubscribe@httpd.**apache.org<[email protected]> > " from the digest: > users-digest-unsubscribe@**httpd.apache.org<[email protected]> > For additional commands, e-mail: [email protected] > >
