[mod-security-users] Error normalizing REQUEST_URI
Brought to you by:
victorhora,
zimmerletw
From: Kim <kim...@ya...> - 2006-07-03 11:03:24
|
Folks: I saw these logs, some of our developers were testing this out. Was this problem with URL encoding in the test case or problem with mod_security normalization functions (logs were edited for site sensitive info). This happens on 1.x system. Thanks, "GET /index.php/view/search/?query_string=nessus&search=../../../../../../../../etc/passwd%00 HTTP/1.1" Error normalizing REQUEST_URI: Invalid character detected [0] "GET /index.php/view/search/?query_string=nessus&search=../../../../../../../../etc/passwd%00.html HTTP/1.1" 500 Error normalizing REQUEST_URI: Invalid character detected [0] "PUT /%08x HTTP/1.1" Error normalizing REQUEST_URI: Invalid character detected [8] "DELETE /%08x HTTP/1.1" 500 Error normalizing REQUEST_URI: Invalid character detected [8] --------------------------------- Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls. Great rates starting at 1¢/min. |