Description
nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks.
| Release | Status | Note |
|---|---|---|
| devel | not-affected | 1.6.2-1ubuntu1 |
| esm-infra-legacy/trusty | released | 1.4.6-1ubuntu3.1 |
| lucid | ignored | end of life |
| precise | released | 1.1.19-1ubuntu0.7 |
| trusty | released | 1.4.6-1ubuntu3.1 |
| trusty/esm | released | 1.4.6-1ubuntu3.1 |
| upstream | released | 1.7.5,1.6.2 |
| utopic | not-affected | 1.6.2-1ubuntu1 |
EPSS
CVSS2: 4.3 Medium