nginx 0.5.6 up to and including 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
f5 nginx |
||
debian debian linux 7.0 |
||
debian debian linux 8.0 |