Zero day security hole in Java plugin


a friend of mine called my attention to the following link:

I’m new to the server’s world, so I’m not sure, wether this is “just”
a Java problem, but also a nginx one, since the server in question is
nginx 1.0.15 …
However, it might be a good idea to spread the word of this security


Andre J.

It is in the Java plugin running on the browser, nothing to do with

The Java zeroday is webserver agnostic, which means that is compatible
Apache, NGINX, Lighttpd etc.

It requires a webpage to show an applet, and everything goes to hell

Disable your Java plugin in your browser, and never activate it again.

2013/1/11 Andre J. [email protected]