WEB APPLICATION VULNERABILITIES Standard & Premium

Nginx Insufficient Session Expiration Vulnerability (CVE-2014-3616)

Description

nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks.

Remediation

References

Related Vulnerabilities

WordPress Plugin Wholesale Market for WooCommerce Arbitrary File Download (1.0.7)

Moodle Improper Encoding or Escaping of Output Vulnerability (CVE-2021-40694)

Jboss EAP Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2019-16869)

WordPress Plugin Lightbox Photo Gallery Cross-Site Request Forgery (1.0)

PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-1901)

Severity

Medium

Classification

CVE-2014-3616 CWE-613

Tags

Missing Update Known Vulnerabilities