{"id":"CVE-2014-3616","details":"nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct \"virtual host confusion\" attacks.","modified":"2026-04-16T06:15:34.692354273Z","published":"2014-12-08T11:59:03Z","related":["openSUSE-SU-2024:10044-1"],"references":[{"type":"ADVISORY","url":"http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html"},{"type":"ADVISORY","url":"http://www.debian.org/security/2014/dsa-3029"}],"schema_version":"1.7.5"}