http://bh.ht.vc/vhost_confusion.pdf
http://nginx.org/en/security_advisories.html
http://mailman.nginx.org/pipermail/nginx-announce/2014/000146.html
http://mailman.nginx.org/pipermail/nginx-announce/2014/000145.html
http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html
Severity: Medium
ID: 78386
File Name: nginx_1_7_5.nasl
Version: 1.14
Type: combined
Agent: unix
Family: Web Servers
Published: 10/13/2014
Updated: 4/11/2022
Configuration: Enable thorough checks
Supported Sensors: Nessus Agent, Nessus
CVSS Score Rationale: The NVD score does not account for the potential for the virtual host confusion attack being used to access confidential data (as detailed in the original "Virtual Host Confusion: Weaknesses and Exploits" Black Hat 2014 paper by Antoine Delignat-Lavaud).
Risk Factor: Low
Score: 3.6
Risk Factor: Medium
Base Score: 4
Temporal Score: 3
Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N
CVSS Score Source: manual
Risk Factor: Medium
Base Score: 5.3
Temporal Score: 4.6
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
CPE: cpe:/a:nginx:nginx
Required KB Items: installed_sw/nginx
Exploit Ease: No known exploits are available
Patch Publication Date: 9/16/2014
Vulnerability Publication Date: 8/6/2014
CVE: CVE-2014-3616
BID: 70025