Advisory ID:

NFLX-2016-003

Advisory Title:

zuul.filter.admin.enabled Defaults to True.

Author:

Julian Vilas / julian.vilas@schibsted.com

Scott Behrens / sbehrens@netflix.com

Release Date:

08/31/2016

Application:

Zuul

Release:

1.x Branch

Source:

https://github.com/Netflix/zuul

Severity:

Critical

Overview:

Zuul was configured with zuul.filter.admin.enabled to True, which can be used to upload filters via the default application port which may result in Remote Code Execution (RCE).

Patch:

The 1.x branch contains the fix. The commit can be found here: https://github.com/Netflix/zuul/commit/d1e683427223920994dbf4809fed8c9479d9a6a8

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

nflx-2016-003.md

nflx-2016-003.md

Advisory ID:

Advisory Title:

Author:

Release Date:

Application:

Release:

Source:

Severity:

Overview:

Patch:

Files

nflx-2016-003.md

Latest commit

History

nflx-2016-003.md

File metadata and controls

Advisory ID:

Advisory Title:

Author:

Release Date:

Application:

Release:

Source:

Severity:

Overview:

Patch: