11 matches found
SUSE CVE-2014-3616
nginx 0.5.6 through 1.7.4, when using the same shared sslsessioncache or sslsessionticketkey for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks...
nginx 0.5.6 <= 1.7.4 Insufficient Session Expiration Vulnerability
nginx is prone to an insufficient session expiration vulnerability due to a problem with SSL session cache. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
CVE-2014-3616
nginx 0.5.6 through 1.7.4, when using the same shared sslsessioncache or sslsessionticketkey for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks...
CVE-2014-3616
nginx 0.5.6 through 1.7.4, when using the same shared sslsessioncache or sslsessionticketkey for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks...
CVE-2014-3616
nginx 0.5.6 through 1.7.4, when using the same shared sslsessioncache or sslsessionticketkey for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks...
CVE-2014-3616
CVE-2014-3616 affects nginx versions 0.5.6 through 1.7.4. The root cause is reuse of a shared SSL session cache or SSL session_ticket_key for multiple servers, allowing a remote attacker with sufficient privileges to perform a virtual host confusion by reusing a cached SSL session in an unrelated...
SSL session reuse vulnerability
SSL session reuse vulnerability Severity: medium CVE-2014-3616 Not vulnerable: 1.7.5+, 1.6.2+ Vulnerable: 0.5.6-1.7.4...
Fedora 19 : nginx-1.4.7-3.fc19 (2014-11370)
Security fix for CVE-2014-3616 - Create nginx-filesystem subpackage Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Fedora 20 : nginx-1.4.7-3.fc20 (2014-11415)
Security fix for CVE-2014-3616 - Create nginx-filesystem subpackage Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Fedora Update for nginx FEDORA-2014-11415
Check the version of nginx SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868378";...
Medium: nginx
Issue Overview: A virtual host confusion issue was found in nginx, allowing HTTPS connections for one origin to be redirected to the virtual host of a different origin. This leads to a variety of issues, such as cookie theft and session hijacking. It could be triggered from a cross-site scripting...