Main Vulnerability Database Vulnerabilities #VU59319

#VU59319 Origin validation error in nginx - CVE-2021-3618

Published: January 9, 2022

Vulnerability identifier: #VU59319

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2021-3618

CWE-ID: CWE-346

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
nginx

Software vendor:
F5 Networks

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to a logic error in TLS implementation when handling different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A remote attacker with ability to perform TCP/IP layer MitM attack can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

This attack technique was dubbed ALPACA (application layer protocol content confusion attack).

Remediation

Install updates from vendor's website.

#VU59319 Origin validation error in nginx - CVE-2021-3618

Description

Remediation

External links

Please verify you're human