Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • World
  • Users
  • Groups
Skins
  • Light
  • Brite
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (Cyborg)
  • No Skin
Collapse
Brand Logo

CIRCLE WITH A DOT
  1. Home
  2. Uncategorized
  3. https://depthfirst.com/nginx-rift

https://depthfirst.com/nginx-rift

Scheduled Pinned Locked Moved Uncategorized
nginxinfoseccybersecurity
4 Posts 4 Posters 0 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • mcfly@milliways.socialM This user is from outside of this forum
    mcfly@milliways.socialM This user is from outside of this forum
    mcfly@milliways.social
    wrote last edited by
    #1

    https://depthfirst.com/nginx-rift

    Anyone running nginx? Noone does that right?

    #nginx #infosec #cybersecurity

    cy@chaos.socialC equinox@chaos.socialE aimaz@mstdn.socialA 3 Replies Last reply
    1
    0
    • mcfly@milliways.socialM mcfly@milliways.social

      https://depthfirst.com/nginx-rift

      Anyone running nginx? Noone does that right?

      #nginx #infosec #cybersecurity

      cy@chaos.socialC This user is from outside of this forum
      cy@chaos.socialC This user is from outside of this forum
      cy@chaos.social
      wrote last edited by
      #2

      @mcfly the vulnerable rewrite looks suspicious even without the flaw 😄

      1 Reply Last reply
      0
      • mcfly@milliways.socialM mcfly@milliways.social

        https://depthfirst.com/nginx-rift

        Anyone running nginx? Noone does that right?

        #nginx #infosec #cybersecurity

        equinox@chaos.socialE This user is from outside of this forum
        equinox@chaos.socialE This user is from outside of this forum
        equinox@chaos.social
        wrote last edited by
        #3

        @mcfly

        > The bug is reachable only when an unnamed PCRE capture is paired with a replacement string that contains a question mark, followed by a rewrite, if, or set directive in the same scope.

        … Gesundheit?

        1 Reply Last reply
        0
        • mcfly@milliways.socialM mcfly@milliways.social

          https://depthfirst.com/nginx-rift

          Anyone running nginx? Noone does that right?

          #nginx #infosec #cybersecurity

          aimaz@mstdn.socialA This user is from outside of this forum
          aimaz@mstdn.socialA This user is from outside of this forum
          aimaz@mstdn.social
          wrote last edited by
          #4

          @mcfly if anyone is I’ve made a plugin for gixy-next to check for the rewrite directives that might be an issue.

          https://mstdn.social/@aimaz/116572448465580321

          1 Reply Last reply
          0
          • R relay@relay.publicsquare.global shared this topic
          Reply
          • Reply as topic
          Log in to reply
          • Oldest to Newest
          • Newest to Oldest
          • Most Votes

          • Login
          • Login or register to search.
          • First post
            Last post
          0
          • Categories
          • Recent
          • Tags
          • Popular
          • World
          • Users
          • Groups