Description
nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2007-5531 Vulnerability (CVE-2007-5531)
MySQL CVE-2022-39403 Vulnerability (CVE-2022-39403)
Ruby Use of Externally-Controlled Format String Vulnerability (CVE-2018-8778)
WordPress Plugin Author Manager Multiple Vulnerabilities (1.0)
Drupal Core 8.9.x Multiple Security Bypass Vulnerabilities (8.9.0 - 8.9.18)