top | item 40862800

(no title)

I don't disagree with you. However, my point was that the parent poster's reasoning was flawed.

Stacking these services on top of each other in this way does not necessarily mean that an attacker has to compromise both services in order to compromise a host. The parent poster's flawed reasoning appeared to lead to a false sense of security as a result.

discuss

remram|1 year ago

Yes for sure. An RCE in the first is sufficient, or an auth bypass in the first and some other vulnerability in the second.