CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23419 – TLS Session Resumption Vulnerability
https://notcve.org/view.php?id=CVE-2025-23419
05 Feb 2025 — When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_ticket_key are used and/or the SSL session cache https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache are used in the default server and the default server is performing client... • https://my.f5.com/manage/s/article/K000149173 • CWE-287: Improper Authentication •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7347 – NGINX MP4 module vulnerability
https://notcve.org/view.php?id=CVE-2024-7347
14 Aug 2024 — NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module. Note: Software versions w... • https://my.f5.com/manage/s/article/K000140529 • CWE-126: Buffer Over-read •