Computer Security
[EN] securityvulns.ru no-pyccku


nginx information leakage
Published:29.09.2014
Source:
SecurityVulns ID:13986
Type:remote
Threat Level:
5/10
Description:Invalid cached session reusage.
Affected:NGINX : nginx 1.4
CVE:CVE-2014-3616 (nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks.)
Original documentdocumentUBUNTU, [USN-2351-1] nginx vulnerability (29.09.2014)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod