Zero day security hole in Java plugin

Kasper Grubbe kasperg at benjamin.dk
Fri Jan 11 11:34:28 UTC 2013


It is in the Java plugin running on the browser, nothing to do with NGINX.

The Java zeroday is webserver agnostic, which means that is compatible with
Apache, NGINX, Lighttpd etc.

It requires a webpage to show an applet, and everything goes to hell
afterwards.

Disable your Java plugin in your browser, and never activate it again.


2013/1/11 Andre Jaenisch <andrejaenisch at googlemail.com>

> Hello,
>
> a friend of mine called my attention to the following link:
>
> http://malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-disable.html
>
> I'm new to the server's world, so I'm not sure, wether this is "just"
> a Java problem, but also a nginx one, since the server in question is
> nginx 1.0.15 …
> However, it might be a good idea to spread the word of this security hole.
>
> Regards,
>
>
> Andre Jaenisch
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20130111/e2185120/attachment-0001.html>


More information about the nginx mailing list