CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
78.6%
Severity: High
Date : 2017-08-10
CVE-ID : CVE-2017-12425
Package : varnish
Type : denial of service
Remote : Yes
Link : https://security.archlinux.org/AVG-374
The package varnish before version 5.1.3-1 is vulnerable to denial of
service.
Upgrade to 5.1.3-1.
The problem has been fixed upstream in version 5.1.3.
None.
A remote, non-authenticated denial of service has been found in varnish
< 5.1.3. A wrong if statement in the varnishd source code can trigger
an assert when processing invalid requests from the client. This causes
the varnishd worker process to abort and restart, losing the cached
contents in the process.
A remote attacker can crash a varnishd server by sending a crafted HTTP
request.
https://varnish-cache.org/security/VSV00001.html#vsv00001
https://security.archlinux.org/CVE-2017-12425
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
78.6%