CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
61.6%
Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that nginx
incorrectly reused cached SSL sessions. An attacker could possibly use this
issue in certain configurations to obtain access to information from a
different virtual host.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 14.04 | noarch | nginx-core | < 1.4.6-1ubuntu3.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | nginx-core-dbg | < 1.4.6-1ubuntu3.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | nginx-extras | < 1.4.6-1ubuntu3.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | nginx-extras-dbg | < 1.4.6-1ubuntu3.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | nginx-full | < 1.4.6-1ubuntu3.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | nginx-full-dbg | < 1.4.6-1ubuntu3.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | nginx-light | < 1.4.6-1ubuntu3.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | nginx-light-dbg | < 1.4.6-1ubuntu3.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | nginx-naxsi | < 1.4.6-1ubuntu3.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | nginx-naxsi-dbg | < 1.4.6-1ubuntu3.1 | UNKNOWN |