EUVD-2011-4874

Malware in sbrugna...

Internet Bug Bounty: TLS client authentication can be bypassed due to ticket resumption

The TLS client authentication can be bypassed due to ticket resumption. The issue was that TLS session tickets were not properly isolated for multiple virtual hosts in one server. This allowed a ticket issued for one virtual host to be resumed at a different virtual host, circumventing client...

CVE-2024-24990 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...

CVE-2011-4968

nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack MITM...

Denial Of Service (DoS)

nginx HTTP/2 is vulnerable to denial of service DoS. It does not prevent the attacker from creating multiple request streams and flooding using PRIORITY frames continuously in a way that causes substantial churn to the priority tree, causing an excessive resource consumption...