[NGINX:CVE-2014-3616] SSL session reuse vulnerability
- Severity: Medium
- Affected Packages: 1
- Unaffected Packages: 2
- CVEs: 1

nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks.

Package | Affected Version |
---|---|
pkg:nginx/nginx | >= 0.5.6, <= 1.7.4 |

Package | Unaffected Version |
---|---|
pkg:nginx/nginx | >= 1.7.5 |
pkg:nginx/nginx | >= 1.6.2 |

- ID: NGINX:CVE-2014-3616
- Severity: medium
- Published: 2014-12-08T11:59:03
- Modified: 2014-12-08T11:59:03
- Rights: NGINX Security Team