0day security issue #244

chamba · 2018-04-02T18:33:25Z

La version de Nginx que usan es vulnerable a una falla de tipo RCO con exploit publico, nixawk/labs#15. Tienen que actualizar la versión de Nginx

Ademas están filtrando la version del server que usan en varios lugares, deberían remover esa información.

HTTP/1.1 400 Bad Request
Content-Type: application/json
Content-Length: 90
Connection: close
X-RateLimit-Limit-hour: 10000
X-RateLimit-Remaining-hour: 9996
X-RateLimit-Limit-second: 5
X-RateLimit-Remaining-second: 3
Server: nginx/1.10.3 (Ubuntu)
Date: Mon, 02 Apr 2018 18:26:41 GMT
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: *
X-Kong-Upstream-Latency: 26
X-Kong-Proxy-Latency: 2
Via: kong/0.11.2

{"errors": [{"error": "Par\u00e1metro format inv\u00e1lido: <built-in function format>"}]}

[email protected]
[email protected]

The text was updated successfully, but these errors were encountered:

lucaslavandeira · 2018-04-27T14:51:52Z

Gracias por notificarnos! Ya tomamos las medidas necesarias y próximamente se deployará el fix a los servidores productivos

abenassi added búsqueda paquetización seguridad Issues relativos a la seguridad de la aplicación. labels Apr 3, 2018

abenassi added to do and removed búsqueda labels Apr 18, 2018

lucaslavandeira added in progress and removed to do labels Apr 24, 2018

lucaslavandeira closed this as completed Apr 27, 2018

lucaslavandeira removed the in progress label Apr 27, 2018

poligarcia added the 3sp label May 2, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

0day security issue #244

0day security issue #244

chamba commented Apr 2, 2018

lucaslavandeira commented Apr 27, 2018

0day security issue #244

0day security issue #244

Comments

chamba commented Apr 2, 2018

lucaslavandeira commented Apr 27, 2018