Description
nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks.
Remediation
References
Related Vulnerabilities
WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk Cross-Site Scripting (5.21)
MySQL CVE-2014-0393 Vulnerability (CVE-2014-0393)
WordPress Plugin InstaWP Connect-1-click WP Staging & Migration Security Bypass (0.1.0.24)
PHP Improper Preservation of Permissions Vulnerability (CVE-2020-7063)