290 matches found
CVE-2025-47905
Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries...
FreeBSD : www/varnish7 -- Request Smuggling Attack (89c668d5-2f80-11f0-9632-641c67a117d8)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 89c668d5-2f80-11f0-9632-641c67a117d8 advisory. The Varnish Development Team reports: A client-side desync vulnerability can be triggered in Varnish...
www/varnish7 -- Request Smuggling Attack
The Varnish Development Team reports: A client-side desync vulnerability can be triggered in Varnish Cache and Varnish Enterprise. This vulnerability can be triggered under specific circumstances involving malformed HTTP/1 requests. An attacker can abuse a flaw in Varnish's handling of chunked...
Debian dla-4101 : libvarnishapi-dev - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4101 advisory. Debian LTS Advisory DLA-4101-1 https://www.debian.org/lts/security/...
[SECURITY] [DLA 4101-1] varnish security update
Debian LTS Advisory DLA-4101-1 https://www.debian.org/lts/security/ Adrian Bunk March 31, 2025 https://wiki.debian.org/LTS...
OESA-2025-1333 varnish security update
This is Varnish Cache, a web application accelerator also known as a caching HTTP reverse proxy. You install it in front of any server that speaks HTTP and configure it to cache the contents. Varnish Cache is really, really fast. It typically speeds up delivery with a factor of 300 - 1000x,...
CVE-2022-39163
IBM Cognos Controller 11.0.0 through 11.1.0 is vulnerable to a Client-Side Desync (CSD) attack where an attacker could exploit a desynchronized browser connection that could lead to further cross-site scripting (XSS) attacks...
Security Bulletin: IBM Controller is affected by vulnerabilities
Summary: There are vulnerabilities in IBM® WebSphere Application Server Liberty and Open-Source Software (OSS) components used by IBM Controller. Additionally, IBM Controller is vulnerable to Client-Side Desync (CSD) CVE-2022-39163. Please refer to the table in the Related Information section for...
CVE-2022-39163
IBM Cognos Controller 11.0.0 through 11.1.0 is vulnerable to a Client-Side Desync (CSD) attack where an attacker could exploit a desynchronized browser connection that could lead to further cross-site scripting (XSS) attacks...
CVE-2022-39163
IBM Cognos Controller 11.0.0 through 11.1.0 is vulnerable to a Client-Side Desync (CSD) attack where an attacker could exploit a desynchronized browser connection that could lead to further cross-site scripting (XSS) attacks...
CVE-2022-39163 IBM Cognos Controller HTTP response smuggling
IBM Cognos Controller 11.0.0 through 11.1.0 is vulnerable to a Client-Side Desync (CSD) attack where an attacker could exploit a desynchronized browser connection that could lead to further cross-site scripting (XSS) attacks...
CVE-2022-39163 IBM Cognos Controller HTTP response smuggling
IBM Cognos Controller 11.0.0 through 11.1.0 is vulnerable to a Client-Side Desync (CSD) attack where an attacker could exploit a desynchronized browser connection that could lead to further cross-site scripting (XSS) attacks...
CVE-2022-39163
CVE-2022-39163 (IBM Cognos Controller) affects IBM Cognos Controller 11.0.0–11.1.0 and IBM Controller 11.1.0, due to a Client-Side Desync (CSD) attack that could desynchronize a browser connection and enable cross-site scripting (XSS). The documented impact is limited to potential XSS via a desyn...
BIT-VARNISH-2025-30346
Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests...
FreeBSD : www/varnish7 -- client-side desync vulnerability (26f6733d-06a9-11f0-ba0b-641c67a117d8)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 26f6733d-06a9-11f0-ba0b-641c67a117d8 advisory. The Varnish Development Team reports: A client-side desync vulnerability can be triggered in Varnish...
SUSE CVE-2025-30346
Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests...
CVE-2025-30346
Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests...
DEBIAN-CVE-2025-30346
Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests...
ALPINE-CVE-2025-30346
Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests...
CVE-2025-30346
Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests...