Varnish Cache Project

Varnish Cache

14 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2025-30346

  • EPSS 0.06%
  • Published 21.03.2025 00:00:00
  • Last modified 02.04.2025 22:15:20

Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests.

7.5

CVE-2023-44487

Warning Media report Exploit
  • EPSS 94.44%
  • Published 10.10.2023 14:15:10
  • Last modified 11.06.2025 17:29:54

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

7.5

CVE-2022-45059

  • EPSS 0.5%
  • Published 09.11.2022 06:15:09
  • Last modified 01.05.2025 15:15:57

An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-by-hop, preventing the Varnish Cache servers from f...

7.5

CVE-2022-45060

  • EPSS 0.76%
  • Published 09.11.2022 06:15:09
  • Last modified 01.05.2025 15:15:58

An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request...

7.5

CVE-2022-38150

  • EPSS 0.54%
  • Published 11.08.2022 01:15:10
  • Last modified 21.11.2024 07:15:53

In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reason phrase of the backend response status line. This ...

9.1

CVE-2022-23959

  • EPSS 0.51%
  • Published 26.01.2022 01:15:07
  • Last modified 21.11.2024 06:49:32

In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.

6.5

CVE-2021-36740

  • EPSS 0.12%
  • Published 14.07.2021 17:15:08
  • Last modified 21.11.2024 06:13:59

Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x be...

7.5

CVE-2013-4090

Exploit
  • EPSS 0.35%
  • Published 12.02.2020 16:15:10
  • Last modified 21.11.2024 01:54:51

Varnish HTTP cache before 3.0.4: ACL bug

7.8

CVE-2019-15892

  • EPSS 5.55%
  • Published 03.09.2019 21:15:10
  • Last modified 21.11.2024 04:29:40

An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests. The assert will cause an automatic restart with a...

9.1

CVE-2017-8807

  • EPSS 1.75%
  • Published 16.11.2017 02:29:05
  • Last modified 20.04.2025 01:37:25

vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFP_GetStorage buffer is larger than intended in cer...