so.cl

Rascals are always sociable, and the chief sign that a man has any nobility in his character is the little pleasure he takes in others' company. Arthur Schopenhauer


→ in reply to @_Blue_hornet

Update: We’ve gotten our hands on an experimental exploit for Nginx 1.18. As we’ve been testing it, a handful of companies and corporations have fallen under it.

Cool, a possible Nginx 1.18 zero-day in the wild. More info about it.

As some further analysis is ongoing, the module relating to the LDAP-auth daemon within nginx is affected greatly. ;) Anything that involves LDAP optional logins works as well. This includes Atlassian accounts. Just working out if we can bypass some common WAFs. Default nginx configs seem to be the vulnerable type, or common configs.