Zero day security hole in Java plugin

Kasper Grubbe kasperg at
Fri Jan 11 11:34:28 UTC 2013

It is in the Java plugin running on the browser, nothing to do with NGINX.

The Java zeroday is webserver agnostic, which means that is compatible with
Apache, NGINX, Lighttpd etc.

It requires a webpage to show an applet, and everything goes to hell

Disable your Java plugin in your browser, and never activate it again.

2013/1/11 Andre Jaenisch <andrejaenisch at>

> Hello,
> a friend of mine called my attention to the following link:
> I'm new to the server's world, so I'm not sure, wether this is "just"
> a Java problem, but also a nginx one, since the server in question is
> nginx 1.0.15 …
> However, it might be a good idea to spread the word of this security hole.
> Regards,
> Andre Jaenisch
> _______________________________________________
> nginx mailing list
> nginx at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the nginx mailing list