F5-K000149173
First published: Wed Feb 05 2025(Updated: )
When name-based virtual hosts are configured to share the same IP address and port combination, with TLS 1.3 and OpenSSL, a previously authenticated attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS session tickets are used and/or the SSL session cache is used in the default virtual server and the default virtual server is performing client certificate authentication. This issue affects both the NGINX http and NGINX stream modules.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NGINX Plus | =28 | 33 |
| NGINX Open Source | >=1.11.4<=1.27.3 | 1.27.431.26.33 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of F5-K000149173?
The severity of F5-K000149173 is classified as high due to the potential for unauthorized bypass of client certificate authentication.
How do I fix F5-K000149173?
To fix F5-K000149173, update your NGINX Plus or NGINX Open Source to the recommended versions that address this vulnerability.
What versions of NGINX are affected by F5-K000149173?
F5-K000149173 affects NGINX Plus version 28 and NGINX Open Source versions between 1.11.4 and 1.27.3.
Can F5-K000149173 be exploited remotely?
Yes, F5-K000149173 can be exploited remotely by an attacker with previously authenticated access.
What are the implications of F5-K000149173 for my server?
The implications of F5-K000149173 include the risk of unauthorized access to sensitive data due to the bypass of client certificate authentication.
- agent/references
- agent/source
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/type
- agent/softwarecombine
- agent/tags
- agent/event
- collector/f5-advisory
- source/F5
- alias/CVE-2025-23419
- vendor/f5