Should be mentioned that technically there is no patch. It’s mitigation steps which makes this even more challenging.
-
Given no patch yet, are you seeing or hearing of any successful exploitation that gets around the published mitigation?
-
Nothing as far as published mitigation. Looking good so far.
-
Yeah, it’s really easy to exploit, which is scary. This is also why defense in depth is important, so you are protected even if items like this exist, and you should apply the fixes Citrix recommends, as no patch currently exists.
-
I wonder how old this bug is and for how long it has been exploited in the wild?
I bet only @cBekrar can know
-
RCE claims should be verified by certified RCE Claims Experts. I've just been certified. Please DM details so you can go public with information. Thank you!
-
My big concern was the patch blocks look to block ../ but not encoded ../. Can you confirm it blocks encoded directory traversal as well?
-
Tested, it does.
-
My dream is to work for TrustedSec one day!