Lucene search
K

21 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.7 views

Unity Linux 20.1070a Security Update: libsoup (UTSA-2026-007256)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007256 advisory. A flaw in libsoups HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies...

8.2CVSS5.8AI score0.00496EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.4 views

EulerOS 2.0 SP10 : libsoup (EulerOS-SA-2026-1342)

According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw in libsoup's HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing...

8.2CVSS5.9AI score0.00496EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/01/21 12:55 p.m.4 views

libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (First- vs Last-Value Wins)

A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the...

8.2CVSS5.8AI score0.00496EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/01/20 3:37 p.m.6 views

libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (First- vs Last-Value Wins)

A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the...

8.2CVSS5.8AI score0.00496EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/01/12 2:24 a.m.7 views

libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (First- vs Last-Value Wins)

A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the...

8.2CVSS5.8AI score0.00496EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2014-3580

Malware in sbrugna...

4.3CVSS6AI score0.05654EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 5:28 a.m.4 views

SUSE CVE-2014-3616

nginx 0.5.6 through 1.7.4, when using the same shared sslsessioncache or sslsessionticketkey for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks...

4.3CVSS7.1AI score0.05654EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2015/03/30 12:0 a.m.25 views

Mandriva Linux Security Advisory : nginx (MDVSA-2015:094)

Updated nginx package fixes security vulnerabilities : A bug in the experimental SPDY implementation in nginx was found, which might allow an attacker to cause a heap memory buffer overflow in a worker process by using a specially crafted request, potentially resulting in arbitrary code execution...

7.5CVSS9.1AI score0.09293EPSS
Exploits1References4
NVD
NVD
added 2014/12/08 11:59 a.m.19 views

CVE-2014-3616

nginx 0.5.6 through 1.7.4, when using the same shared sslsessioncache or sslsessionticketkey for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks...

4.3CVSS6.5AI score0.05654EPSS
Exploits0References2
OSV
OSV
added 2014/12/08 11:59 a.m.10 views

CVE-2014-3616

nginx 0.5.6 through 1.7.4, when using the same shared sslsessioncache or sslsessionticketkey for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks...

6.4AI score
Exploits0References2
OSV
OSV
added 2014/12/08 11:59 a.m.5 views

DEBIAN-CVE-2014-3616

nginx 0.5.6 through 1.7.4, when using the same shared sslsessioncache or sslsessionticketkey for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks...

4.3CVSS7AI score0.05654EPSS
Exploits0References1
Prion
Prion
added 2014/12/08 11:59 a.m.22 views

Type confusion

nginx 0.5.6 through 1.7.4, when using the same shared sslsessioncache or sslsessionticketkey for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks...

4.3CVSS7.1AI score0.05654EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2014/12/08 11:0 a.m.24 views

CVE-2014-3616

nginx 0.5.6 through 1.7.4, when using the same shared sslsessioncache or sslsessionticketkey for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks...

6.3AI score0.05654EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2014/12/08 11:0 a.m.42 views

CVE-2014-3616

nginx 0.5.6 through 1.7.4, when using the same shared sslsessioncache or sslsessionticketkey for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks...

4.3CVSS6.4AI score0.05654EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/10/12 12:0 a.m.24 views

Amazon Linux AMI : nginx (ALAS-2014-421)

A virtual host confusion issue was found in nginx, allowing HTTPS connections for one origin to be redirected to the virtual host of a different origin. This leads to a variety of issues, such as cookie theft and session hijacking. It could be triggered from a cross-site scripting flaw, tricking ...

4.3CVSS5.2AI score0.05654EPSS
Exploits0References2
Amazon
Amazon
added 2014/10/01 12:0 a.m.55 views

Medium: nginx

Issue Overview: A virtual host confusion issue was found in nginx, allowing HTTPS connections for one origin to be redirected to the virtual host of a different origin. This leads to a variety of issues, such as cookie theft and session hijacking. It could be triggered from a cross-site scripting...

4.3CVSS6AI score0.05654EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/09/22 12:0 a.m.28 views

Debian DSA-3029-1 : nginx - security update

Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that it was possible to reuse cached SSL sessions in unrelated contexts, allowing virtual host confusion attacks in some configurations by an attacker in a privileged network position. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

4.3CVSS5.3AI score0.05654EPSS
Exploits0References4
OSV
OSV
added 2014/09/20 12:0 a.m.21 views

DSA-3029-1 nginx - security update

Bulletin has no description...

4.3CVSS6.3AI score0.05654EPSS
Exploits0
OpenVAS
OpenVAS
added 2014/09/19 12:0 a.m.22 views

Debian: Security Advisory (DSA-3029-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS6.5AI score0.05654EPSS
Exploits0References3
OSV
OSV
added 2014/09/17 12:0 a.m.7 views

UBUNTU-CVE-2014-3616

nginx 0.5.6 through 1.7.4, when using the same shared sslsessioncache or sslsessionticketkey for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks...

4.3CVSS5.8AI score0.05654EPSS
Exploits0References4
Rows per page
Query Builder