Oh.
-
@cR0w "the bigger the BIG-IP, the bigger the CVE!" as the old saying goes
-
@cR0w "the bigger the BIG-IP, the bigger the CVE!" as the old saying goes
@huronbikes Yeah but that NGINX vuln...
-
@huronbikes Yeah but that NGINX vuln...
@cR0w oh that's just a little oopsie-doodle that can *adjusts glasses* crash the server or lead to RCE.
-
@cR0w oh that's just a little oopsie-doodle that can *adjusts glasses* crash the server or lead to RCE.
@cR0w "that's 6-7 skibbidi bad", as nobody's kids say.
-
@cR0w "that's 6-7 skibbidi bad", as nobody's kids say.
@huronbikes IDK, I might need @catsalad to confirm that verbiage.
-
@cR0w oh that's just a little oopsie-doodle that can *adjusts glasses* crash the server or lead to RCE.
@cR0w https://github.com/nginx/nginx/commit/524977e7c534e87e5b55739fa74601c9f1102686 is the commit that addresses the nginx rewrite vuln. It's funny, I was looking for a much more involved piece of code that would address it but looks like it's an issue with properly resetting the state of a custom arg parser.
-
@cR0w https://github.com/nginx/nginx/commit/524977e7c534e87e5b55739fa74601c9f1102686 is the commit that addresses the nginx rewrite vuln. It's funny, I was looking for a much more involved piece of code that would address it but looks like it's an issue with properly resetting the state of a custom arg parser.
@huronbikes It's funny how in software, such small things can be catte-strophic.
-
@huronbikes It's funny how in software, such small things can be catte-strophic.
@cR0w well, it's fine, it's not like NginX is used very much, for everything, all over. Also not like this affected the Kubernetes NginX ingress controller... very much...
-
@cR0w well, it's fine, it's not like NginX is used very much, for everything, all over. Also not like this affected the Kubernetes NginX ingress controller... very much...
@huronbikes @cR0w you mean the ingress controller which is EOL anyway?
-
@huronbikes @cR0w you mean the ingress controller which is EOL anyway?
-
I actually came here to make a joke about that because there are TWO similarly named controllers:
Ingress NGINX Controller: deprecated, owned by the K8s projectNGINX Ingress Controller: still alive, owned by F5
-
I actually came here to make a joke about that because there are TWO similarly named controllers:
Ingress NGINX Controller: deprecated, owned by the K8s projectNGINX Ingress Controller: still alive, owned by F5
@TomSellers @bws @cR0w that second one is definitely part of the advisory. Fun will be had by all.
-
I actually came here to make a joke about that because there are TWO similarly named controllers:
Ingress NGINX Controller: deprecated, owned by the K8s projectNGINX Ingress Controller: still alive, owned by F5
@TomSellers @huronbikes @bws @cR0w don't forget the dozens of OTHER 'nginx controllers' offered various places.
-
@cR0w maybe I should be happy they laid me off last year
-
@cR0w maybe I should be happy they laid me off last year
@eruonna Oof, IDK about that but I get it.
-
@huronbikes @bws @cR0w I've definitely never seen a Server 2012 in production.
Nope.
That would be CRAZY since it's EOL.
-
@cR0w "the bigger the BIG-IP, the bigger the CVE!" as the old saying goes
@huronbikes @cR0w @cR0w
Isn't Big Ip that one Peter Gabriel song?
