As posted on our blog (with patches)
I am curious as to what everyone thinks about this exploit. It technically has once again been dismissed by nginx due to not having a PoC to go along with it. Now we went ahead and patched the exploit non the less.
In the hosting industry a lot of people make use of nginx, but from what a friend told me who originally discovered this over a year ago and was dismissed by nginx dev team, you could carefully pass a command killall to nginx and it will kill itself for example.
So I am curious as to how everyone else see this exploit? A threat or just something not to worry about right now?