A Critical Jenkins Bug Discovered - This is why Building a Web Server is Hard - podcast episode cover

A Critical Jenkins Bug Discovered - This is why Building a Web Server is Hard

The Backend Engineering Show with Hussein Nasser
Aug 19, 202015 min
--:--
--:--
Listen in podcast apps:
Apple Podcasts
Spotify
Download
YouTube
Overcast
Pocket Casts
Episodes.fm
Download Metacast podcast app
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episode description

Jenkins has just released a statement that there is a potential bug (CVE-2019-17638) where an attacker can steal content from other legitimate requests. In this video, I describe the bug and why being a web server is difficult.  2;00 HTTP Smuggling https://www.youtube.com/watch?v=PFllH0QccCs 7;50 multi-Threading https://www.youtube.com/watch?v=0vFgKr5bjWI&t=1s   Resources https://nvd.nist.gov/vuln/detail/CVE-2019-17638 https://en.wikipedia.org/wiki/Jetty_(web_server) https://www.jenkins.io/security/advisory/2020-08-17/

For the best experience, listen in Metacast app for iOS or Android