Hacker News
by dfc 3752 days ago

  >  includes any PHP, Ruby or Python site that allows
  >  shell commands to be executed
So any site already vulnerable to arbitrary command execution will now be vulnerable to RCE via arbitrary command execution? If your site currently allows arbitrary shell command execution, the game was already lost.

  >  It has all the potential to be huge. 
Really? The vulnerability on the client side is limited to a very small percentage of internet users. Furthermore, these users are much more likely to be aware of the vulnerability and upgrade compared to grandma and her Flash plugin. The story is not that different on the server. The number of publicly accessible git daemons pales in comparison to Apache or services that use OpenSSL. As mentioned above, this does not really change anything for sites that allow arbitrary shell command execution.

Running around like Chicken Little saying the sky is going to potentially fall is not productive and in the long run will probably not bring about the desired result for your page views...