Yes, it should not listen to every interface. See https://static.hacker.house/releasez/expl0itz/jdwp-exploit.txt … for more details.
-
-
Here's another example, chrome has many dangerous command line options, like --disable-web-security -- do you consider that a security bug?
-
I would consider that if --debug opening a service that let's you run arbitrary code remotely on all network interfaces an issue.
- 3 more replies
New conversation -
-
-
If you don't like the word bug, call it a footgun.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.