Did I miss the memo?
It’s (very) briefly mentioned in this post by Dave Aitel, third
paragraph, second sentence…
On Fri, Jun 04, 2010 at 12:38:58PM -0400, Hinky Dink wrote:
Did I miss the memo?
It’s (very) briefly mentioned in this post by Dave Aitel, third
paragraph, second sentence…
I do not know what he is talking about.
The current vulnerabilities are listed here:
http://nginx.org/en/security_advisories.html
and there are no remote exploits among them.
–
Igor S.
http://sysoev.ru/en/
On Sat, Jun 5, 2010 at 12:00 AM, Igor S. [email protected] wrote:
The current vulnerabilities are listed here:
nginx security advisories
and there are no remote exploits among them.
I believe something related to the recent php pathinfo things
–
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org
On Sat, 2010-06-05 at 00:26 +0700, Edho P Arief wrote:
I believe something related to the recent php pathinfo things
I believe he is referring to old exploits (hence the title mentioning
“dinosaurs”). The posting is specifically referring to stuff people
never got around to and he says “works even when you don’t expect it to”
about the Nginx exploit.
My feeling is that if you are running an up-to-date version of Nginx
then whatever exploit he is referring to will not affect you.
Cliff
–