FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

nginx -- inject commands into SSL session vulnerability

Affected packages
1.6.0,2 <= nginx < 1.6.1,2
1.5.6 <= nginx-devel < 1.7.4


VuXML ID ad747a01-1fee-11e4-8ff1-f0def16c5c1b
Discovery 2014-08-05
Entry 2014-08-09

The nginx project reports:

Security: pipelined commands were not discarded after STARTTLS command in SMTP proxy (CVE-2014-3556); the bug had appeared in 1.5.6.


CVE Name CVE-2014-3556