Description
nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks.
Remediation
References
Related Vulnerabilities
PostgreSQL Improper Authentication Vulnerability (CVE-2009-3231)
PostgreSQL CVE-2017-7548 Vulnerability (CVE-2017-7548)
Java Unspesificed Vulnerability (CVE-2018-3139)
WordPress Plugin Agent Storm by StormRETS Multiple Cross-Site Scripting Vulnerabilities (1.1.35)
Opencart Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2010-1610)