nginx < 1.6.2 / 1.7.5 SSL Session Reuse

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote web server is affected by an SSL session handling
vulnerability.

Description :

According to the self-reported version in the server response header,
the version of nginx installed on the remote host is 0.5.6 or higher,
1.6.x prior to 1.6.2, or 1.7.x prior to 1.7.5. It is, therefore,
affected by an SSL session or TLS session ticket key handling error. A
flaw exists in the file 'event/ngx_event_openssl.c' that could allow a
remote attacker to obtain sensitive information or to take control of
a session.

Note that this issue only affects servers having multiple 'server{}'
configurations sharing the same values for 'ssl_session_cache' or
'ssl_session_ticket_key'.
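The version ranges above, applied to a Server response header, as an added example (not Tenable's plugin code; the function names and sample banners are constructed for illustration). It assumes the ranges mean every release from 0.5.6 through 1.7.4, except 1.6.2 and later in the 1.6.x branch.

```python
import re

# Boundaries taken from the description above.
FIRST_AFFECTED = (0, 5, 6)   # "0.5.6 or higher"
FIXED_1_6 = (1, 6, 2)        # fix in the 1.6.x branch
FIXED_1_7 = (1, 7, 5)        # fix in the 1.7.x branch

BANNER_RE = re.compile(r"^nginx/(\d+)\.(\d+)\.(\d+)\b", re.IGNORECASE)


def parse_banner(server_header):
    """Return (major, minor, patch) from a Server header value, or None."""
    m = BANNER_RE.match(server_header.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def classify(server_header):
    """Return 'affected', 'not affected' or 'unknown' for a Server header."""
    version = parse_banner(server_header)
    if version is None:
        # No version in the banner (e.g. server_tokens off) or not nginx.
        return "unknown"
    if version < FIRST_AFFECTED or version >= FIXED_1_7:
        return "not affected"
    if version[:2] == (1, 6) and version >= FIXED_1_6:
        return "not affected"
    return "affected"


if __name__ == "__main__":
    # Constructed sample banners, not captured from real hosts.
    for banner in ("nginx/1.6.1", "nginx/1.6.2", "nginx/1.7.4",
                   "nginx/1.4.7 (Ubuntu)", "nginx", "Apache/2.4.10"):
        print(f"{banner!r:26} {classify(banner)}")
```

An "affected" result reflects only the self-reported version; whether the host is exposed still depends on multiple 'server{}' blocks sharing 'ssl_session_cache' or 'ssl_session_ticket_key' values, as noted above.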

See also :

http://bh.ht.vc/vhost_confusion.pdf
http://nginx.org/en/security_advisories.html
http://mailman.nginx.org/pipermail/nginx-announce/2014/000146.html
http://mailman.nginx.org/pipermail/nginx-announce/2014/000145.html
http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html
http://nginx.org/en/CHANGES
http://nginx.org/en/CHANGES-1.6

Solution :

Upgrade to nginx 1.6.2 / 1.7.5 or later.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 3.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 78386

Bugtraq ID: 70025

CVE ID: CVE-2014-3616
