7.5
CVE-2019-20637
- EPSS 0.48%
- Published 08.04.2020 23:15:12
- Last modified 21.11.2024 04:38:56
- Source cve@mitre.org
An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the connection workspace, such as data structures associated with previous requests within this connection or VCL-related temporary headers.
Data is provided by the National Vulnerability Database (NVD)
Varnish-cache ≫ Varnish Cache | SwEdition - | Version >= 6.1.0 < 6.2.2
Varnish-cache ≫ Varnish Cache | SwEdition - | Version >= 6.3.0 < 6.3.1
Varnish-software ≫ Varnish Cache | SwEdition lts | Version >= 6.0.0 < 6.0.5
Opensuse ≫ Backports Sle | Version 15.0 | Update sp1
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.48% | 0.64 |

Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
nvd@nist.gov | 5 | 10 | 2.9 | AV:N/AC:L/Au:N/C:P/I:N/A:N |
CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer
The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.