Tag

#configuration

3 posts tagged #configuration.

Field Note · May 20, 2026 · runbook-desk

Laravel CVE-2021-3129: the RCE that only fires when debug mode is on in production

CVE-2021-3129 is unauthenticated remote code execution in Laravel's Ignition error page. It only works when APP_DEBUG is true, which should never be the case in production. Here's how to confirm debug mode is off everywhere, patch, and check whether you were hit.
Analysis · May 20, 2026 · operations-desk

A CVSS 10 that hinged on one unchecked box: 'Validate Identity Provider Certificate'

CVE-2020-2021 let attackers bypass authentication on Palo Alto firewalls and VPNs using SAML, but only when one option was disabled: 'Validate Identity Provider Certificate.' A perfect-10 bug whose presence depended on a checkbox.
Analysis · May 20, 2026 · analysis-desk

PHP-FPM CVE-2019-11043: an RCE that depended on a copy-pasted nginx config

CVE-2019-11043 is a remote code execution bug in PHP-FPM, but it only fires on a specific nginx configuration, one that circulated widely in tutorials and got copy-pasted into production everywhere. The bug is in the code; the exposure came from a config snippet.