| View previous topic :: View next topic |
| Author |
Message |
bobterveuren
Joined: 04 Jul 2005
Posts: 7
|
| Posted: Sun Mar 19, 2006 10:06 pm Post subject: phpgroupware/xmlrpc.php vulnerability attempt |
|
|
Hi
Whilst checking my logs I spotted some never before seen access to the file phpgroupware/xmlrpc.php
A quick google shows that this file was open to attack in the past - I cannot find any mention of 2.0.54 being open to this attack but the access to the file on my server is puzzling.
Any advice?
Thanks
Bob |
|
| Back to top |
|
Vlad Alexa Mancini
Joined: 07 Jul 2003
Posts: 1538
|
| Posted: Sun Mar 19, 2006 11:23 pm Post subject: |
|
|
looks like a attempt on exploiting a xmlrpc vulnerability http://www.kb.cert.org/vuls/id/442845
php itself is not vulnerable to this but there are still some scripts i think that can be exploited , like the one you have been queried for , as long as you do not have it you are fine but i strongly suggest you run pear upgrade XML_RPC in a console
latest apache2triad version numbers are 1.5.4 and 1.4.4
latest apache version numbers are 2.0.55 and 2.2.0
you got them all mixed up |
|
| Back to top |
|
bobterveuren
Joined: 04 Jul 2005
Posts: 7
|
| Posted: Mon Mar 20, 2006 5:40 am Post subject: |
|
|
Hi Alex
Pear upgrade from the command line carried out just fine - thank you for the advice (and the A2T package)
Bob |
|
| Back to top |
|
| |
