Description
nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks.
Remediation
References
Related Vulnerabilities
WordPress Plugin Wholesale Market for WooCommerce Arbitrary File Download (1.0.7)
Moodle Improper Encoding or Escaping of Output Vulnerability (CVE-2021-40694)
WordPress Plugin Lightbox Photo Gallery Cross-Site Request Forgery (1.0)
PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-1901)