Nginx Insufficient Session Expiration Vulnerability - CVE-2014-3616
Reference:
CVE-2014-3616
Title:
Nginx Insufficient Session Expiration Vulnerability
Overview:
nginx 0.5.6 through 1.7.4 when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers can reuse a cached SSL session for an unrelated context which allows remote attackers with certain privileges to conduct quotvirtual host confusionquot attacks.