[Dshield] GET image.jpg vulnerability

Jonathan G. Lampe jonathan at stdnet.com
Mon Jul 15 20:19:24 GMT 2002


Useful information here might include the "REFERER" field (hopefully) 
logged by your web server. With that piece of info, you may be able to 
figure out if this is a "legitimate" piece of traffic (sent over by a 
search engine?) or someone fat-fingering into your computer.

My $.02...kind of looks like some admin's discount file sharing 
mechanism..."I'll post a screenshot on my web server...download it 
here."  Probably a GOOD thing for your IDS to be looking for!  (Also, did 
it 404 or 20x on you?)

-jgl

At 02:21 PM 7/15/2002, you wrote:
>This was caught by my IDS yesterday:
>
>GET /image640x480.jpg HTTP/1.1
>
>Just this, from an address somewhere in Germany. Is there a vulnerability 
>associated with this that I'm not aware of? I do not run a public web server.




More information about the list mailing list