Lucene search

K
cvelistRedhatCVELIST:CVE-2014-3616
HistoryDec 08, 2014 - 11:00 a.m.

CVE-2014-3616

2014-12-0811:00:00
redhat
www.cve.org

6.3 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.6%

nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct “virtual host confusion” attacks.

6.3 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.6%