Is there any available proof of concept or other test for this exploit? I'm
applying the patch to our systems and would like some way to check that the
fix is effective.
Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,275424,275439#msg-275439
___
Hi folks,
OpenResty 1.11.2.4 is just released to include the latest nginx
security fix in its range filter module (CVE-2017-7529).
You can download this version's source tarball and Win32 binary from
the following page:
https://openresty.org/en/download.html
Pre-built Linux binary packages
Couldn't you use
max_ranges 0;
To disable byte range support completely.
Also won't setting the value of ranges to max_ranges 1; break pseudo
streaming in HTML5 video apps etc. ?
Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,275424,275437#msg-275437
__
Hello Nginx users,
Now available: Nginx 1.13.3 for Windows
https://kevinworthington.com/nginxwin1133
(32-bit and 64-bit versions)
These versions are to support legacy users who are already using Cygwin
based builds of Nginx. Officially supported native Windows binaries are at
nginx.org.
Announce
nginx.conf sets the user and admin, but that coughs up an error when trying to
run as root. This is why it’s so confusing.
> On Jul 10, 2017, at 9:27 PM, li...@lazygranch.com wrote:
>
> I don't have server access at the moment, but I think nginx under FreeBSD
> runs under user www.
__
Hello!
A security issue was identified in nginx range filter. A specially
crafted request might result in an integer overflow and incorrect
processing of ranges, potentially resulting in sensitive information
leak (CVE-2017-7529).
When using nginx with standard modules this allows an attacker to
Changes with nginx 1.12.111 Jul 2017
*) Security: a specially crafted request might result in an integer
overflow and incorrect processing of ranges in the range filter,
potentially resulting in sensitive information leak (CVE-2017-7529).
Changes with nginx 1.13.311 Jul 2017
*) Security: a specially crafted request might result in an integer
overflow and incorrect processing of ranges in the range filter,
potentially resulting in sensitive information leak (CVE-2017-7529).
Hi Andreas and Zhang,
Thank you for your hint with the http_echo_module! I read through their
code to get a hang of how the event loop and the event handling actually
works.
If I replace the hello_world command in my config files with the
echo/echo_flush/echo_sleep commands, everything works
Hello everyone, I have read the manual
https://www.nginx.com/blog/creating-nginx-rewrite-rules/ but unfortunately I
didn't manage to solve my (simple) problem. What I need to do is: if a
visitor wants to read www.example.com/requested_page.html and comes from
Google or Bing, redirect it to a specif
10 matches
Mail list logo