<div dir="ltr">It is in the Java plugin running on the browser, nothing to do with NGINX.<div><br></div><div style>The Java zeroday is webserver agnostic, which means that is compatible with Apache, NGINX, Lighttpd etc. </div>
<div style><br></div><div style>It requires a webpage to show an applet, and everything goes to hell afterwards.</div><div style><br></div><div style>Disable your Java plugin in your browser, and never activate it again.</div>
</div><div class="gmail_extra"><br><br><div class="gmail_quote">2013/1/11 Andre Jaenisch <span dir="ltr"><<a href="mailto:andrejaenisch@googlemail.com" target="_blank">andrejaenisch@googlemail.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hello,<br>
<br>
a friend of mine called my attention to the following link:<br>
<a href="http://malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-disable.html" target="_blank">http://malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-disable.html</a><br>
<br>
I'm new to the server's world, so I'm not sure, wether this is "just"<br>
a Java problem, but also a nginx one, since the server in question is<br>
nginx 1.0.15 …<br>
However, it might be a good idea to spread the word of this security hole.<br>
<br>
Regards,<br>
<br>
<br>
Andre Jaenisch<br>
<br>
_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org">nginx@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx</a></blockquote></div><br></div>