CVE-2014-3616
CVSS v2.0
4.3 (Medium)
EPSS
0.23 % (62th)
Affected Products
2
Advisories
9
nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks.
Weaknesses
- CWE-613
- Insufficient Session Expiration
- CVE Status
- PUBLISHED
- CNA
- Red Hat, Inc.
- Published Date
-
2014-12-08 11:59:03
(9 years ago) - Updated Date
-
2021-11-10 15:59:33
(2 years ago)
Affected Products
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...