Description
nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks.
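The condition described above can be checked in a configuration audit. The following is an added example, not code from the advisory or from nginx: it lists every shared session cache zone and ticket key file that more than one `server` block ends up using, and tests a version string against the range stated above. The parser is a simplification (no `include` expansion, no quoted braces or semicolons), and the sample configuration, hostnames and key path are constructed.

```python
import re
from collections import defaultdict

AFFECTED = ((0, 5, 6), (1, 7, 4))  # range exactly as stated in the description
WATCHED = ("ssl_session_cache", "ssl_session_ticket_key", "server_name")

def version_affected(version):
    return AFFECTED[0] <= tuple(int(p) for p in version.split(".")) <= AFFECTED[1]

def inherited(ctx, directive):
    """nginx inheritance: the nearest enclosing context that sets the directive wins."""
    while ctx is not None:
        if directive in ctx["set"]:
            return ctx["set"][directive]
        ctx = ctx["parent"]
    return []

def shared_session_state(conf):
    """Return {resource: [server names]} for caches/ticket keys used by 2+ servers."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments (assumes no '#' inside quotes)
    ctx, servers = {"kind": "main", "parent": None, "set": {}}, []
    for stmt, end in re.findall(r"([^{};]*)([{};])", conf):
        words = stmt.split()
        if end == "{":  # open a child context (http, server, location, ...)
            ctx = {"kind": words[0] if words else "", "parent": ctx, "set": {}}
            if ctx["kind"] == "server":
                servers.append(ctx)
        elif end == "}":
            ctx = ctx["parent"] or ctx  # tolerate a stray closing brace
        elif words and words[0] in WATCHED:
            ctx["set"].setdefault(words[0], []).extend(words[1:])
    users = defaultdict(list)
    for i, srv in enumerate(servers):
        name = " ".join(srv["set"].get("server_name", [])) or f"server#{i}"
        zones = [a.split(":")[1] for a in inherited(srv, "ssl_session_cache")
                 if a.startswith("shared:")]
        keys = inherited(srv, "ssl_session_ticket_key")
        for res in [f"cache:{z}" for z in zones] + [f"ticket_key:{k}" for k in keys]:
            users[res].append(name)
    return {res: names for res, names in users.items() if len(names) > 1}

# Constructed sample: a and b share a cache zone and a ticket key; c is isolated.
SAMPLE = """
http {
    ssl_session_cache shared:SSL:10m;   # inherited by every server below
    server { listen 443 ssl; server_name a.example; ssl_session_ticket_key /etc/nginx/t.key; }
    server { listen 443 ssl; server_name b.example; ssl_session_ticket_key /etc/nginx/t.key; }
    server { listen 443 ssl; server_name c.example; ssl_session_cache shared:ISOLATED:10m; }
}
"""
```

A non-empty result from `shared_session_state` on a host where `version_affected` is true means the configuration matches the condition in the description.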
Remediation
References