Lucene search
K

11 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:28 a.m.4 views

SUSE CVE-2014-3616

nginx 0.5.6 through 1.7.4, when using the same shared sslsessioncache or sslsessionticketkey for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks...

4.3CVSS7.1AI score0.05654EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2021/06/14 12:0 a.m.15 views

nginx 0.5.6 <= 1.7.4 Insufficient Session Expiration Vulnerability

nginx is prone to an insufficient session expiration vulnerability due to a problem with SSL session cache. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

4.3CVSS6.3AI score0.05654EPSS
Exploits0References1
NVD
NVD
added 2014/12/08 11:59 a.m.19 views

CVE-2014-3616

nginx 0.5.6 through 1.7.4, when using the same shared sslsessioncache or sslsessionticketkey for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks...

4.3CVSS6.5AI score0.05654EPSS
Exploits0References2
OSV
OSV
added 2014/12/08 11:59 a.m.10 views

CVE-2014-3616

nginx 0.5.6 through 1.7.4, when using the same shared sslsessioncache or sslsessionticketkey for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks...

6.4AI score
Exploits0References2
Cvelist
Cvelist
added 2014/12/08 11:0 a.m.24 views

CVE-2014-3616

nginx 0.5.6 through 1.7.4, when using the same shared sslsessioncache or sslsessionticketkey for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks...

6.3AI score0.05654EPSS
Exploits0References2
CVE
CVE
added 2014/12/08 11:0 a.m.217 views

CVE-2014-3616

CVE-2014-3616 affects nginx versions 0.5.6 through 1.7.4. The root cause is reuse of a shared SSL session cache or SSL session_ticket_key for multiple servers, allowing a remote attacker with sufficient privileges to perform a virtual host confusion by reusing a cached SSL session in an unrelated...

4.3CVSS6.4AI score0.05654EPSS
Exploits0References2Affected Software1
Nginx
Nginx
added 2014/12/08 11:0 a.m.314 views

SSL session reuse vulnerability

SSL session reuse vulnerability Severity: medium CVE-2014-3616 Not vulnerable: 1.7.5+, 1.6.2+ Vulnerable: 0.5.6-1.7.4...

4.3CVSS6.3AI score0.05654EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2014/10/11 12:0 a.m.32 views

Fedora 19 : nginx-1.4.7-3.fc19 (2014-11370)

Security fix for CVE-2014-3616 - Create nginx-filesystem subpackage Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...

4.3CVSS5.3AI score0.05654EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2014/10/11 12:0 a.m.26 views

Fedora 20 : nginx-1.4.7-3.fc20 (2014-11415)

Security fix for CVE-2014-3616 - Create nginx-filesystem subpackage Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...

4.3CVSS5.3AI score0.05654EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2014/10/11 12:0 a.m.28 views

Fedora Update for nginx FEDORA-2014-11415

Check the version of nginx SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868378";...

4.3CVSS6.3AI score0.05654EPSS
Exploits0References2
Amazon
Amazon
added 2014/10/01 12:0 a.m.55 views

Medium: nginx

Issue Overview: A virtual host confusion issue was found in nginx, allowing HTTPS connections for one origin to be redirected to the virtual host of a different origin. This leads to a variety of issues, such as cookie theft and session hijacking. It could be triggered from a cross-site scripting...

4.3CVSS6AI score0.05654EPSS
Exploits0
Rows per page
Query Builder