|
|
|
|
|
|
by Riverheart
2499 days ago
|
|
|
Okay I think I've either poorly communicated or you've misconstrued what I meant. All I was trying to imply was that threats can surface within the network. I'm not saying some magic will take advantage of the exploit with no connection to the target's network. You said "If they're attacking you from an internal vector they likely already have code execution within that internal context, making this bug largely redundant." I was disagreeing that this is redundant. This vulnerability is a remote code exploit that could give an attacker control over the target just by sending a specially crafted packet. It is not some Apache misconfiguration affecting a couple servers, it's baked into all versions of Windows. |
|
|