It is in the Java plugin running on the browser, nothing to do with NGINX.
The Java zeroday is webserver agnostic, which means that is compatible with
Apache, NGINX, Lighttpd etc.
It requires a webpage to show an applet, and everything goes to hell
afterwards.
Disable your Java plugin in your browser, and never activate it again.
2013/1/11 Andre Jaenisch <andrejaenisch@googlemail.com>
> Hello,
>
> a friend of mine called my attention to the following link:
>
> http://malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-disable.html
>
> I'm new to the server's world, so I'm not sure, wether this is "just"
> a Java problem, but also a nginx one, since the server in question is
> nginx 1.0.15 …
> However, it might be a good idea to spread the word of this security hole..
>
> Regards,
>
>
> Andre Jaenisch
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx