Description

nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks.

Remediation

References

CVE-2014-3616

Related Vulnerabilities

WordPress Plugin Shortlinks by Pretty Links-Best WordPress Link Tracking Cross-Site Scripting (1.6.2)

WebLogic CVE-2023-22108 Vulnerability (CVE-2023-22108)

Apache Traffic Server Other Vulnerability (CVE-2019-9513)

WordPress Plugin AMP extensions Cross-Site Scripting (1.1)

PHP Use of Uninitialized Resource Vulnerability (CVE-2015-3414)

Severity

Medium

Classification

CVE-2014-3616 CWE-613

Tags

Missing Update Known Vulnerabilities