Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-x8ck-rceh-ukdw
Vulnerability ID VCID-x8ck-rceh-ukdw
Aliases CVE-2014-3616
Summary SSL session reuse vulnerability
Status Published
Exploitability 0.5
Weighted Severity 3.9
Risk 1.9
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-613 Insufficient Session Expiration
System Score Found at
epss 0.02435 https://api.first.org/data/v1/epss?cve=CVE-2014-3616
epss 0.02435 https://api.first.org/data/v1/epss?cve=CVE-2014-3616
epss 0.02435 https://api.first.org/data/v1/epss?cve=CVE-2014-3616
epss 0.02435 https://api.first.org/data/v1/epss?cve=CVE-2014-3616
epss 0.02435 https://api.first.org/data/v1/epss?cve=CVE-2014-3616
epss 0.02435 https://api.first.org/data/v1/epss?cve=CVE-2014-3616
epss 0.02435 https://api.first.org/data/v1/epss?cve=CVE-2014-3616
epss 0.02435 https://api.first.org/data/v1/epss?cve=CVE-2014-3616
epss 0.02435 https://api.first.org/data/v1/epss?cve=CVE-2014-3616
epss 0.02435 https://api.first.org/data/v1/epss?cve=CVE-2014-3616
generic_textual medium https://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2014-3616
Reference id Reference type URL
http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3616.json
https://api.first.org/data/v1/epss?cve=CVE-2014-3616
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3616
https://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html
http://www.debian.org/security/2014/dsa-3029
1142573 https://bugzilla.redhat.com/show_bug.cgi?id=1142573
761940 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761940
cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
CVE-2014-3616 https://nvd.nist.gov/vuln/detail/CVE-2014-3616
GLSA-201502-06 https://security.gentoo.org/glsa/201502-06
USN-2351-1 https://usn.ubuntu.com/2351-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2014-3616
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.8509
EPSS Score 0.02435
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:31:45.968251+00:00 Nginx Importer Import https://nginx.org/en/security_advisories.html 38.0.0