FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

nginx -- inject commands into SSL session vulnerability

Affected packages
1.6.0,2	<=	nginx	<	1.6.1,2
1.5.6	<=	nginx-devel	<	1.7.4

Details

VuXML ID	ad747a01-1fee-11e4-8ff1-f0def16c5c1b
Discovery	2014-08-05
Entry	2014-08-09

The nginx project reports:

Security: pipelined commands were not discarded after STARTTLS command in SMTP proxy (CVE-2014-3556); the bug had appeared in 1.5.6.

[source]

References

CVE Name	CVE-2014-3556
URL	http://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.