What exploit is this?

apache-2.2 exploit

Solution 1:

I don't mean to discount the validity of your question, but past a certain point, chasing this kind of log traffic just becomes prohibitively time-costly. Script kiddies, automated exploit-probing bots, badly-designed web spiders - they'll all come pay your web server a visit at some point, and they'll all leave bizarre entries in your access logs. What you need to consider, and develop a log analysis strategy to expose, is when access to privileged resources are granted in correlation with these weird lines; you should key your log analysis on finding unexpected privileged access, rather than unexpected requests. Consider how to link your web server access logs against your web application logs to get a better view of what actually constitutes unexpected access. I realize that's pretty general advice, but I hope it's somewhat useful.

Solution 2:

The IP address is from Lisboa, Portugal (as any GeoIP service can tell you). The "\x" escapes are escapes to specify Unicode codepoints, so they should resolve to something more or less meaningful.

But it seems the requests yielded a HTTP 200?

Related

Linux- Convert 2 disk raid1 to raid0
Is the # of CPUs on a virtual machine always meaningful?
OpenVPN routing for OpenVZ containers
Kerberos Login Failed: Cannot resolve network address for KDC in requested realm - Kerio and Open Directory
Is every onboard RAID fake RAID?
Lock resources to prevent unexpected changes
How does the Belkin OmniView Remote IP Manager (IP KVM) do Hard Reboots?
are following assertions about linux load and tomcat right?
Is there an easy way to generate a report on "dead" files in IIS?
Java running in specific environment?
Why is there a /etc/init.d/mysql file on this Slackware machine? How could it have gotten there? [closed]
Mail when root logs in but not from local host