Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS-2014-421

Related Vulnerabilities: CVE-2014-3616  

A virtual host confusion issue was found in nginx, allowing HTTPS connections for one origin to be redirected to the virtual host of a different origin. This leads to a variety of issues, such as cookie theft and session hijacking. It could be triggered from a cross-site scripting flaw, tricking a user into visiting a malicious URL, and so on.

Source

ALAS-2014-421

Amazon Linux AMI Security Advisory: ALAS-2014-421
Advisory Release Date: 2014-10-01 16:28 Pacific
Advisory Updated Date: 2014-10-01 18:52 Pacific
Severity: Medium
References: CVE-2014-3616 
Issue Overview:

A virtual host confusion issue was found in nginx, allowing HTTPS connections for one origin to be redirected to the virtual host of a different origin. This leads to a variety of issues, such as cookie theft and session hijacking. It could be triggered from a cross-site scripting flaw, tricking a user into visiting a malicious URL, and so on.


Affected Packages:

nginx


Issue Correction:
Run yum update nginx to update your system.

New Packages:
i686:
    nginx-1.6.2-1.22.amzn1.i686
    nginx-debuginfo-1.6.2-1.22.amzn1.i686

src:
    nginx-1.6.2-1.22.amzn1.src

x86_64:
    nginx-1.6.2-1.22.amzn1.x86_64
    nginx-debuginfo-1.6.2-1.22.amzn1.x86_64

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started