7.5
CVE-2019-20637
- EPSS 0.48%
- Veröffentlicht 08.04.2020 23:15:12
- Zuletzt bearbeitet 21.11.2024 04:38:56
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the connection workspace, such as data structures associated with previous requests within this connection or VCL-related temporary headers.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Varnish-cache ≫ Varnish Cache SwEdition- Version >= 6.1.0 < 6.2.2
Varnish-cache ≫ Varnish Cache SwEdition- Version >= 6.3.0 < 6.3.1
Varnish-software ≫ Varnish Cache SwEditionlts Version >= 6.0.0 < 6.0.5
Opensuse ≫ Backports Sle Version15.0 Updatesp1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.48% | 0.64 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer
The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.