tweedge
commented
2 years ago Closing as I see a reference to nginx's announcement was added in Update 7 around nine hours ago.
Closed tweedge closed 2 years ago
tweedge
commented
2 years ago Closing as I see a reference to nginx's announcement was added in Update 7 around nine hours ago.
Hi! Looks like nginx has responded here if you wanted to analyze their claims or add the response to this repo: https://www.nginx.com/blog/addressing-security-weaknesses-nginx-ldap-reference-implementation/
TL;DR nginx claims this is not an 0day in nginx itself, but acknowledges the security issue in a specific reference implementation.
Very conceivable that folks would deploy the reference implementation in their environment without RTFM or testing, of course. :grimacing: