SUSE CVE-2017-12425

An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert, related to an Integer Overflow. This causes the...

SUSE CVE-2017-8807

vbfstperror in bin/varnishd/cache/cachefetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFPGetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore...

UBUNTU-CVE-2017-12425

An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert, related to an Integer Overflow. This causes the...

ALPINE-CVE-2017-12425

An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert, related to an Integer Overflow. This causes the...

DEBIAN-CVE-2017-12425

An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert, related to an Integer Overflow. This causes the...

PT-2017-12550 · Varnish · Varnish Http Cache

Name of the Vulnerable Software and Affected Versions: Varnish HTTP Cache versions 4.0.1 through 4.0.4 Varnish HTTP Cache versions 4.1.0 through 4.1.7 Varnish HTTP Cache version 5.0.0 Varnish HTTP Cache versions 5.1.0 through 5.1.2 Description: An issue was discovered in the varnishd source code,...

Varnish Cache CLI Interface - Remote Code Execution (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Varnish Cache CLI Interface Bruteforce Utility', 'Description' = 'This module attempts to login to the Varnish Cache varnishd CLI...

varnish -- DoS vulnerability in Varnish HTTP cache

Varnish Cache Project reports: If Varnish receives a certain illegal request, and the subroutine 'vclerror' restarts the request, the varnishd worker process will crash with an assert. The varnishd management process will restart the worker process, but there will be a brief interruption of servi...