Lucene search
+L
Varnish-softwareVarnish Cache

7 matches found

CVE
CVE
added 2019/09/03 8:56 p.m.1465 views

CVE-2019-15892

CVE-2019-15892 affects Varnish Cache before 6.0.4 LTS and 6.1.x and before 6.2.1 in the 6.2.x line. An HTTP/1 parsing failure allows a remote attacker to trigger an assert, causing an automatic restart with a clean cache and resulting in a Denial of Service. The available fixes are to upgrade to ...

7.8CVSS7.2AI score0.05789EPSS
CVE
CVE
added 2022/01/26 12:38 a.m.399 views

CVE-2022-23959

CVE-2022-23959 affects Varnish Cache and related variants, where HTTP/1 connections are vulnerable to a request smuggling flaw in versions before 6.6.2 (and 7.x before 7.0.2), 6.0 LTS before 6.0.10, and Varnish Enterprise/Cache Plus before 4.1.11r6 and 6.0.9r4. The root cause is improper handling...

9.1CVSS9AI score0.01973EPSS
CVE
CVE
added 2020/04/08 12:0 a.m.222 views

CVE-2020-11653

CVE-2020-11653 affects Varnish Cache prior to 6.0.6 LTS, 6.1.x prior to 6.2.3, and 6.3.x prior to 6.3.2. When a TLS termination proxy uses PROXY v2, an assertion failure can occur, causing the varnishd daemon to restart and leading to performance loss. Connected advisories (Debian/Ubuntu/Rocky) r...

7.5CVSS7.4AI score0.02106EPSS
CVE
CVE
added 2020/04/08 11:1 p.m.215 views

CVE-2019-20637

Varnish Cache (versions before 6.0.5 LTS, 6.1.x before 6.2.2, and 6.3.x before 6.3.1) is affected by CVE-2019-20637. The vulnerability arises because a pointer is not cleared between handling successive client requests on the same TCP connection, which can allow disclosure of data from the connec...

7.5CVSS7.2AI score0.01746EPSS
CVE
CVE
added 2021/07/14 4:7 p.m.203 views

CVE-2021-36740

Varnish Cache, with HTTP/2 enabled, is vulnerable to request smuggling and VCL authorization bypass via a large Content-Length header in POST requests. Affected: Varnish Enterprise 6.0.x before 6.0.8r3; Varnish Cache 5.x and 6.x before 6.5.2; 6.6.x before 6.6.1; and 6.0 LTS before 6.0.8. Mitigati...

6.5CVSS6.5AI score0.01599EPSS
CVE
CVE
added 2022/11/09 12:0 a.m.182 views

CVE-2022-45060

CVE-2022-45060 – Varnish Cache HTTP/2 header forgery affects Varnish Cache 5.x and 6.x up to before 6.0.11, 7.x up to before 7.1.2, and 7.2.x up to before 7.2.1. An attacker can inject characters in HTTP/2 pseudo-headers that are invalid for HTTP/1 request lines, causing the Varnish server to gen...

7.5CVSS7.3AI score0.00936EPSS
CVE
CVE
added 2017/08/04 9:0 a.m.168 views

CVE-2017-12425

Varnish HTTP Cache contains a denial-of-service vulnerability (CVE-2017-12425) due to a wrong if statement in varnishd that can cause an assertion when processing invalid client requests. This bug affects multiple releases: 4.0.1–4.0.4, 4.1.0–4.1.7, 5.0.0, and 5.1.0–5.1.2. Exploitation leads to t...

7.5CVSS7.2AI score0.02416EPSS