FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

nginx -- inject commands into SSL session vulnerability

Affected packages
1.6.0,2 <= nginx < 1.6.1,2
1.5.6 <= nginx-devel < 1.7.4

Details

VuXML ID ad747a01-1fee-11e4-8ff1-f0def16c5c1b
Discovery 2014-08-05
Entry 2014-08-09

The nginx project reports:

Security: pipelined commands were not discarded after STARTTLS command in SMTP proxy (CVE-2014-3556); the bug had appeared in 1.5.6.

References

CVE Name CVE-2014-3556
URL http://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html