Debian Security Advisory DSA 3029-1 (nginx - security update)
Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that it was possible to reuse cached SSL sessions in unrelated contexts, allowing virtual host confusion attacks in some configurations by an attacker in a privileged network position. OpenVAS Vulnerability Test $Id: deb3029.nasl 6735...
DSA-3029-1 nginx - security update
Debian: Security Advisory (DSA-3029-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security fix for the ALT Linux 9 package nginx version 1.6.2-alt1
Sept. 18, 2014 Denis Smirnov 1.6.2-alt1 - 1.6.2 - CVE-2014-3616...
[SECURITY] [DLA 55-1] nginx security update
Package : nginx Version : 0.7.67-3+squeeze4 CVE ID : CVE-2014-3616 Antoine Delignat-Lavaud discovered that it was possible to reuse SSL sessions in unrelated contexts if a shared SSL session cache or the same TLS session ticket key was used for multiple "server" blocks...
CVE-2014-3616
nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks...
UBUNTU-CVE-2014-3616
nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks...
FreeBSD : nginx -- inject commands into SSL session vulnerability (77b784bb-3dc6-11e4-b191-f0def16c5c1b)
The nginx project reports : Security: it was possible to reuse SSL sessions in unrelated contexts if a shared SSL session cache or the same TLS session ticket key was used for multiple 'server' blocks CVE-2014-3616. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...
DLA-55-1 nginx - security update
nginx -- inject commands into SSL session vulnerability
The nginx project reports: Security: it was possible to reuse SSL sessions in unrelated contexts if a shared SSL session cache or the same TLS session ticket key was used for multiple "server" blocks CVE-2014-3616...
nginx < 1.6.1 / 1.7.4 SMTP STARTTLS Command Injection
According to the self-reported version in the server response header, the version of nginx installed on the remote host is 1.5.6 or higher, 1.6.x prior to 1.6.1, or 1.7.x prior to 1.7.4. It is, therefore, affected by a command injection vulnerability. A flaw exists in the function...
Mail.ru: Version Disclosure (NginX)
POC : url : https://calendar.mail.ru Open up your google chrome browser. Click right mouse button and choose Inspect Element. Put website url in address bar. https://calendar.mail.ru Now choose network option from Inspect Element menu. Response Headers Connection:close...
FreeBSD : nginx -- inject commands into SSL session vulnerability (ad747a01-1fee-11e4-8ff1-f0def16c5c1b)
The nginx project reports : Security: pipelined commands were not discarded after STARTTLS command in SMTP proxy CVE-2014-3556 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright...
Security fix for the ALT Linux 9 package nginx version 1.6.1-alt1
Aug. 6, 2014 Denis Smirnov 1.6.1-alt1 - 1.6.1 - CVE-2014-3556...
nginx -- inject commands into SSL session vulnerability
The nginx project reports: Security: pipelined commands were not discarded after STARTTLS command in SMTP proxy CVE-2014-3556; the bug had appeared in 1.5.6...
SkaDate Lite 2.0 - Multiple Cross-Site Request Forgery Persistent Cross-Site Scripting Vulnerabilities
SkaDate Lite 2.0 - Multiple Cross-Site Request Forgery Persistent Cross-Site Scripting Vulnerabilities SkaDate Lite 2.0 Multiple XSRF And Persistent XSS Vulnerabilities Vendor: Skalfa LLC Product web page: http://lite.skadate.com | http://www.skalfa.com Affected version: 2.0 build 7651 Platfo...
SkaDate Lite 2.0 Multiple XSRF And Persistent XSS Vulnerabilities
Summary SkaDate Lite is a new platform that makes it easy to start online dating business in just a few easy steps. No programming or design knowledge is required. Install the solution, pick a template, and start driving traffic to your new online dating site. Description SkaDate Lite version 2.0...
SkaDate Lite 2.0 - Multiple Cross-Site Request Forgery / Persistent Cross-Site Scripting Vulnerabilities
SkaD...
PT-2014-11: Information Disclosure in nginx
The specialists of the Positive Research center have detected an Information Disclosure vulnerability in nginx. URI normalization function does not properly handle the transmitted values, thus an attacker can disclose memory areas using a web server log. How to fix Update your software up to the...
Netsparker v3.5 - Web Application Security Scanner
Netsparker Web Application Security Scanner can find and report web application vulnerabilities such as SQL Injection and Cross-site Scripting XSS and security issues on all web applications and websites regardless of the platform and the technology they are built on. Netsparker is very easy to u...