> How? Calls are made to the Netscaler box to the endpoint /cgi/api/login, with a client supplied certificate. By sending hundreds of requests, you can overwrite chunks of memory in the hope of executing code.
> I would recommend, if logs exist, checking for web access requests to /cgi/api/login on your Netscaler devices. These will be large POST requests.
So hundreds of invalid certificates? Infeasibly large POST requests? Seems to me that this vulnerability depends on not having good defense in depth.
"If logs exist"?! It blows my tiny little mind that keeping logs has gone out of fashion.
Our industry is in deep long-term shit. We have adopted awful practices because they are cheaper, and secure systems look the same as insecure systems, but cost more.
We can build reliable secure systems from unreliable fault-prone parts, we know how, but nobody will let us.
I am depressed
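
The log check recommended in the quoted advice, sketched as an added example (not part of the comment above or of any vendor tooling): it flags clients that send a burst of POSTs to /cgi/api/login. It assumes the access log is in Apache combined format and in chronological order; that format records response bytes, not request body size, so the example keys on request volume rather than on "large". The threshold, window and sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumption: Apache combined log format. The byte field is the response
# size, so request body size is not available from these lines.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
TARGET = "/cgi/api/login"

def parse(line):
    """Return (ip, timestamp, method, path without query) or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"].split("?", 1)[0]

def find_bursts(lines, threshold=100, window=timedelta(minutes=5)):
    """Map each client IP to its peak count of POSTs to TARGET inside one
    sliding window, for clients that reach `threshold` (hypothetical default)."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peaks = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ip, ts, method, path = rec
        if method != "POST" or path.rstrip("/") != TARGET:
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:     # drop entries older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks

def sample_log():
    """Constructed sample: one client sends 150 POSTs in 150 seconds."""
    fmt = '{ip} - - [01/Jan/2025:12:{m:02d}:{s:02d} +0000] "{req} HTTP/1.1" {st} 312 "-" "-"'
    lines = [fmt.format(ip="203.0.113.7", m=i // 60, s=i % 60,
                        req="POST /cgi/api/login", st=401) for i in range(150)]
    lines.append(fmt.format(ip="198.51.100.20", m=1, s=0, req="POST /cgi/api/login", st=200))
    lines.append(fmt.format(ip="198.51.100.20", m=2, s=0, req="GET /index.html", st=200))
    return lines

if __name__ == "__main__":
    for ip, peak in find_bursts(sample_log()).items():
        print(f"{ip}: {peak} POSTs to {TARGET} within 5 minutes")
```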