CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile: 61.6%
Issue Overview:
A virtual host confusion issue was found in nginx that allows HTTPS connections for one origin to be redirected to the virtual host of a different origin. This can lead to a variety of issues, such as cookie theft and session hijacking. It could be triggered through a cross-site scripting flaw, by tricking a user into visiting a malicious URL, and so on.
Affected Packages:
nginx
Issue Correction:
Run yum update nginx to update your system.
New Packages:
i686:
nginx-1.6.2-1.22.amzn1.i686
nginx-debuginfo-1.6.2-1.22.amzn1.i686
src:
nginx-1.6.2-1.22.amzn1.src
x86_64:
nginx-1.6.2-1.22.amzn1.x86_64
nginx-debuginfo-1.6.2-1.22.amzn1.x86_64
Red Hat: CVE-2014-3616
Mitre: CVE-2014-3616
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | nginx | < 1.6.2-1.22.amzn1 | nginx-1.6.2-1.22.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | nginx-debuginfo | < 1.6.2-1.22.amzn1 | nginx-debuginfo-1.6.2-1.22.amzn1.i686.rpm |
Amazon Linux | 1 | x86_64 | nginx | < 1.6.2-1.22.amzn1 | nginx-1.6.2-1.22.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | nginx-debuginfo | < 1.6.2-1.22.amzn1 | nginx-debuginfo-1.6.2-1.22.amzn1.x86_64.rpm |