Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Varnish-Cache Security Vulnerabilities

cve
cve

CVE-2013-4484

Varnish before 3.0.5 allows remote attackers to cause a denial of service (child-process crash and temporary caching outage) via a GET request with trailing whitespace characters and no URI.

6.3AI Score

0.046EPSS

2013-11-01 02:55 AM
38
cve
cve

CVE-2017-12425

An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert, related to an Integer Overflow. This causes the varn...

7.5CVSS

7.2AI Score

0.006EPSS

2017-08-04 09:29 AM
127
3
cve
cve

CVE-2017-8807

vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFP_GetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore tra...

9.1CVSS

8.8AI Score

0.017EPSS

2017-11-16 02:29 AM
455
2
cve
cve

CVE-2019-20637

An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the connect...

7.5CVSS

7.2AI Score

0.002EPSS

2020-04-08 11:15 PM
151
2
cve
cve

CVE-2020-11653

An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss.

7.5CVSS

7.4AI Score

0.002EPSS

2020-04-08 11:15 PM
160
2
cve
cve

CVE-2021-28543

Varnish varnish-modules before 0.17.1 allows remote attackers to cause a denial of service (daemon restart) in some configurations. This does not affect organizations that only install the Varnish Cache product; however, it is common to install both Varnish Cache and varnish-modules. Specifically, ...

7.5CVSS

7.3AI Score

0.002EPSS

2021-03-16 03:15 PM
158
3
cve
cve

CVE-2021-36740

Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8.

6.5CVSS

6.5AI Score

0.007EPSS

2021-07-14 05:15 PM
135
10