Description
nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP ULike Multiple Vulnerabilities (3.1)
WordPress Plugin Ad Manager by WD-Advanced Ad Manager Multiple Vulnerabilities (1.0.11)
WordPress Plugin WP Photo Album Plus Cross-Site Scripting (5.0.2)
Oracle Database Server CVE-2007-2117 Vulnerability (CVE-2007-2117)
WordPress Plugin WP Photo Album Plus Cross-Site Scripting (5.4.7)