https://depthfirst.com/nginx-rift
-
NGINX Rift
An 18 year old memory corruption flaw in NGINX Plus and NGINX Open Source lets an unauthenticated attacker crash worker processes or execute remote code with crafted HTTP requests.
(depthfirst.com)
Anyone running nginx? Noone does that right?
-
NGINX Rift
An 18 year old memory corruption flaw in NGINX Plus and NGINX Open Source lets an unauthenticated attacker crash worker processes or execute remote code with crafted HTTP requests.
(depthfirst.com)
Anyone running nginx? Noone does that right?
@mcfly the vulnerable rewrite looks suspicious even without the flaw
-
NGINX Rift
An 18 year old memory corruption flaw in NGINX Plus and NGINX Open Source lets an unauthenticated attacker crash worker processes or execute remote code with crafted HTTP requests.
(depthfirst.com)
Anyone running nginx? Noone does that right?
> The bug is reachable only when an unnamed PCRE capture is paired with a replacement string that contains a question mark, followed by a rewrite, if, or set directive in the same scope.
… Gesundheit?
-
NGINX Rift
An 18 year old memory corruption flaw in NGINX Plus and NGINX Open Source lets an unauthenticated attacker crash worker processes or execute remote code with crafted HTTP requests.
(depthfirst.com)
Anyone running nginx? Noone does that right?
@mcfly if anyone is I’ve made a plugin for gixy-next to check for the rewrite directives that might be an issue.
Stephen Paulger (@aimaz@mstdn.social)
If anyone is worrying about their NGINX configs because of CVE-2026-42945 I’ve made a fork of gixy-next with a plugin to help find rewrite configs that might be a problem. https://github.com/stephenpaulger/Gixy-Next/tree/add-unnamed-group-plugin I’ll send a merge request but in the meantime my fork’s branch might be useful. Obviously, don’t just trust me, review my change, it’s small enough. #nginx #CyberSecurity #cve_2026_42945
Mastodon 🐘 (mstdn.social)
-
R relay@relay.publicsquare.global shared this topic
