CVE-2014-3616

EPSS 2.4%

nginx - security update

發布日:2014/12/8修改日:2026/4/28

也稱為:DEBIAN-CVE-2014-3616

描述

nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks.

受影響套件(3)

Debian/nginxfrom 0, < 1.6.2-1
Debian/nginxfrom 0, < 0.7.67-3+squeeze4
Debian/nginxfrom 0, < 1.2.1-2.2+wheezy3

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-3616