Red Hat Bugzilla – Bug 181802
scripts/services/http lists false positive "exploit" on any URL with "null" in it
Last modified: 2007-11-30 17:11:24 EST
Description of problem:
The logwatch report on the http service incorrectly includes some
valid request URLs (under the 'possible successful probes' heading) if those
log entries have the substring "null" anywhere in the quoted request field.
!!!! 1 possible successful probes
/horde3/themes/graphics/tree/nullonly.png HTTP Response 200
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Produce access_log entries with GET request containing "null" in a valid URL
2. Run: logwatch --service http
3. Note incorrectly flagged "probe" in report.
Report includes requests that should be considered valid otherwise.
Such requests should not be included in the report. The match should be made
more explicit, e.g. to match URLs ending in "null" only.
Patch to follow.
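
The false positive described in this report, and the effect of tightening the match, reproduced as an added example; it is not logwatch's code and not the attached patch. The log lines are constructed, and the three patterns, the query-string stripping and the 2xx "successful" test are assumptions made for illustration.

```python
import re

# Constructed access_log lines (combined log format). Only the first path
# comes from the report; everything else is made up for this example.
SAMPLE_LOG = """\
192.0.2.10 - - [20/Feb/2006:10:01:02 -0500] "GET /horde3/themes/graphics/tree/nullonly.png HTTP/1.1" 200 182 "-" "Mozilla/5.0"
192.0.2.11 - - [20/Feb/2006:10:01:09 -0500] "GET /docs/nullable-types.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.12 - - [20/Feb/2006:10:01:30 -0500] "GET /reports/isnull HTTP/1.1" 200 77 "-" "Mozilla/5.0"
192.0.2.13 - - [20/Feb/2006:10:02:30 -0500] "GET /scripts/null HTTP/1.0" 200 0 "-" "-"
192.0.2.14 - - [20/Feb/2006:10:02:41 -0500] "GET /cgi-bin/null?x=1 HTTP/1.0" 404 210 "-" "-"
"""

# Pulls the request URL and status code out of the quoted request field.
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<url>\S+) HTTP/[\d.]+" (?P<status>\d{3}) ')

# Hypothetical patterns, from loosest to strictest.
SUBSTRING = re.compile(r"null", re.I)          # "null" anywhere (the reported behaviour)
ENDS_WITH = re.compile(r"null$", re.I)         # URL ending in "null" (reporter's suggestion)
WHOLE_SEG = re.compile(r"(?:^|/)null$", re.I)  # last path segment is exactly "null"


def successful_probes(log_text, pattern):
    """Return paths that match `pattern` and were answered with a 2xx status."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a parseable request line
        path = m.group("url").split("?", 1)[0]  # assumption: ignore the query string
        if m.group("status").startswith("2") and pattern.search(path):
            hits.append(path)
    return hits


if __name__ == "__main__":
    for name, pat in (("substring", SUBSTRING),
                      ("ends-with", ENDS_WITH),
                      ("whole-segment", WHOLE_SEG)):
        print(f"{name:14} {successful_probes(SAMPLE_LOG, pat)}")
```
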
Created attachment 124770
patch to fix false positive probe matches on "null"
Thank you for your notice. This problem is fixed in the last version
(logwatch-7.1-8). The result consists of string ^null$ which describes just the