MidnightBSD

Advisories for varnish_cache_project

CVE-2013-0345 LOW

varnish 3.0.3 uses world-readable permissions for the /var/log/varnish/ directory and the log files in the directory, which allows local users to obtain sensitive information by reading the files. NOTE: some of these details are obtained from third party information.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
varnish_cache_project varnish_cache 3.0.3
CVE-2013-4090 MEDIUM

Varnish HTTP cache before 3.0.4: ACL bug

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
varnish_cache_project varnish_cache *
CVE-2013-4484 MEDIUM

Varnish before 3.0.5 allows remote attackers to cause a denial of service (child-process crash and temporary caching outage) via a GET request with trailing whitespace characters and no URI.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
varnish_cache_project varnish_cache 2.1.3
varnish_cache_project varnish_cache 2.0.2
varnish_cache_project varnish_cache 2.1.4
varnish_cache_project varnish_cache 3.0.3
varnish_cache_project varnish_cache 3.0.1
varnish_cache_project varnish_cache 3.0.0
varnish_cache_project varnish_cache 3.0.2
varnish_cache_project varnish_cache 2.0.3
varnish_cache_project varnish_cache 2.0.4
varnish_cache_project varnish_cache *
varnish-cache varnish 2.0.0
varnish_cache_project varnish_cache 2.0.1
varnish_cache_project varnish_cache 2.1.1
varnish_cache_project varnish_cache 2.1.0
varnish_cache_project varnish_cache 2.1.5
varnish_cache_project varnish_cache 2.0.6
varnish_cache_project varnish_cache 2.0.5
varnish_cache_project varnish_cache 2.1.2
CVE-2015-8852 MEDIUM

Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP request.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
varnish_cache_project varnish_cache 3.0.4
varnish_cache_project varnish_cache 3.0.5
varnish_cache_project varnish_cache 3.0.6
varnish_cache_project varnish_cache 3.0.3
varnish_cache_project varnish_cache 3.0.1
varnish_cache_project varnish_cache 3.0.0
varnish_cache_project varnish_cache 3.0.2
debian debian_linux 7.0
CVE-2017-12425 MEDIUM

An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert, related to an Integer Overflow. This causes the varnishd worker process to abort and restart, losing the cached contents in the process. An attacker can therefore crash the varnishd worker process on demand and effectively keep it from serving content - a Denial-of-Service attack. The specific source-code filename containing the incorrect statement varies across releases.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
varnish-software varnish_cache 4.1.4
varnish_cache_project varnish_cache 4.0.2
varnish_cache_project varnish_cache 4.0.3
varnish-software varnish_cache 4.1.1
varnish-software varnish_cache 4.1.0
varnish-software varnish_cache 4.1.5
varnish_cache_project varnish_cache 4.0.4
varnish_cache_project varnish_cache 5.1.2
varnish_cache_project varnish_cache 5.0.0
varnish-software varnish_cache 4.1.6
varnish_cache_project varnish_cache 5.1.0
varnish-cache varnish 4.0.2
varnish-cache varnish 4.0.3
varnish_cache_project varnish_cache 4.0.1
varnish-software varnish_cache 4.1.7
varnish_cache_project varnish_cache 5.1.1
varnish-software varnish_cache 4.1.3
varnish-cache varnish 4.1.0
varnish-software varnish_cache 4.1.2
CVE-2017-8807 MEDIUM

vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFP_GetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore transient objects.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
varnish_cache_project varnish_cache *
varnish-cache varnish *
debian debian_linux 9.0
CVE-2019-15892 HIGH

An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests. The assert will cause an automatic restart with a clean cache, which makes it a Denial of Service attack.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-617,

Products Affected

Vendor Product Version
debian debian_linux 10.0
varnish_cache_project varnish_cache *
varnish-software varnish_cache *
CVE-2021-36740 MEDIUM

Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-444,

Products Affected

Vendor Product Version
debian debian_linux 10.0
debian debian_linux 11.0
fedoraproject fedora 34
varnish_cache_project varnish_cache *
varnish-cache varnish_cache 6.0.8
varnish-software varnish_cache *
varnish-cache varnish_cache *
fedoraproject fedora 33
CVE-2022-23959 MEDIUM

In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-444,

Products Affected

Vendor Product Version
debian debian_linux 10.0
debian debian_linux 11.0
varnish_cache_project varnish_cache *
varnish-software varnish_cache *
varnish-software varnich_cache 4.1
varnish-software varnish_cache_plus *
varnish-software varnich_cache *
fedoraproject fedora 35
debian debian_linux 9.0
CVE-2022-38150

In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reason phrase of the backend response status line. This is fixed in 7.0.3 and 7.1.1.

Products Affected

Vendor Product Version
varnish_cache_project varnish_cache 7.0.1
varnish_cache_project varnish_cache 7.0.0
fedoraproject fedora 36
varnish_cache_project varnish_cache 7.1.0
fedoraproject fedora 35
varnish_cache_project varnish_cache 7.0.2
CVE-2022-45059

An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-by-hop, preventing the Varnish Cache servers from forwarding critical headers to the backend.

Products Affected

Vendor Product Version
fedoraproject fedora 37
varnish_cache_project varnish_cache *
varnish_cache_project varnish_cache 7.2.0
fedoraproject fedora 36
fedoraproject fedora 35
CVE-2022-45060

An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
varnish-software varnish_cache_plus 6.0.0
debian debian_linux 11.0
varnish-software varnish_cache *
varnish-software varnish_cache_plus 6.0.1
varnish_cache_project varnish_cache 7.2.0
varnish-software varnish_cache_plus 6.0.2
varnish-software varnish_cache_plus 6.0.6
fedoraproject fedora 36
fedoraproject fedora 35
debian debian_linux 10.0
fedoraproject fedora 37
varnish-software varnish_cache_plus 6.0.4
varnish-software varnish_cache_plus 6.0.7
varnish_cache_project varnish_cache *
varnish-software varnish_cache_plus 6.0.10
varnish-software varnish_cache_plus 6.0.9
varnish-software varnish_cache_plus 6.0.5
varnish-software varnish_cache_plus 6.0.3
varnish-software varnish_cache_plus 6.0.8
CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
cisco ios_xe *
f5 big-ip_application_visibility_and_reporting 17.1.0
f5 big-ip_ssl_orchestrator *
cisco crosswork_zero_touch_provisioning *
redhat node_healthcheck_operator -
f5 big-ip_link_controller *
f5 big-ip_ssl_orchestrator 17.1.0
cisco nx-os *
redhat integration_camel_k -
nghttp2 nghttp2 *
cisco connected_mobile_experiences *
f5 big-ip_analytics 17.1.0
redhat openshift_virtualization 4
redhat 3scale_api_management_platform 2.0
cisco ios_xr *
microsoft windows_server_2016 -
envoyproxy envoy 1.25.9
redhat cert-manager_operator_for_red_hat_openshift -
apache traffic_server *
f5 big-ip_advanced_firewall_manager *
redhat openshift -
traefik traefik 3.0.0
netapp oncommand_insight -
linkerd linkerd 2.13.0
redhat jboss_enterprise_application_platform 6.0.0
cisco enterprise_chat_and_email -
golang go *
cisco prime_cable_provisioning *
f5 big-ip_access_policy_manager *
f5 big-ip_global_traffic_manager *
redhat integration_service_registry -
redhat advanced_cluster_security 3.0
redhat openshift_developer_tools_and_services -
f5 big-ip_advanced_web_application_firewall 17.1.0
redhat openshift_api_for_data_protection -
f5 big-ip_webaccelerator *
f5 big-ip_application_security_manager 17.1.0
redhat build_of_optaplanner 8.0
debian debian_linux 11.0
f5 big-ip_local_traffic_manager 17.1.0
redhat openshift_dev_spaces -
f5 big-ip_application_security_manager *
cisco secure_malware_analytics *
f5 big-ip_application_acceleration_manager 17.1.0
f5 big-ip_ddos_hybrid_defender *
cisco unified_contact_center_management_portal -
microsoft windows_10_21h2 *
redhat jboss_fuse 6.0.0
fedoraproject fedora 37
netapp astra_control_center -
redhat jboss_a-mq 7
linkerd linkerd 2.13.1
cisco crosswork_data_gateway 5.0
f5 big-ip_application_acceleration_manager *
apache solr *
redhat advanced_cluster_security 4.0
cisco business_process_automation *
redhat openshift_serverless -
cisco expressway *
f5 big-ip_fraud_protection_service 17.1.0
f5 big-ip_policy_enforcement_manager 17.1.0
cisco telepresence_video_communication_server *
varnish_cache_project varnish_cache *
f5 nginx_plus *
f5 big-ip_websafe 17.1.0
f5 big-ip_policy_enforcement_manager *
kazu-yamamoto http2 *
redhat integration_camel_for_spring_boot -
fedoraproject fedora 38
f5 big-ip_application_visibility_and_reporting *
cisco unified_attendant_console_advanced -
f5 big-ip_access_policy_manager 17.1.0
redhat cost_management -
amazon opensearch_data_prepper *
debian debian_linux 10.0
envoyproxy envoy 1.26.4
grpc grpc *
apache tomcat 11.0.0
linkerd linkerd 2.14.1
microsoft windows_server_2019 -
redhat jboss_data_grid 7.0.0
f5 nginx_ingress_controller *
f5 big-ip_next_service_proxy_for_kubernetes *
redhat jboss_enterprise_application_platform 7.0.0
cisco prime_access_registrar *
cisco data_center_network_manager -
caddyserver caddy *
redhat service_interconnect 1.0
eclipse jetty *
cisco ultra_cloud_core_-_serving_gateway_function *
redhat openshift_container_platform_assisted_installer -
jenkins jenkins *
redhat machine_deletion_remediation_operator -
redhat openstack_platform 16.2
redhat openstack_platform 17.1
cisco firepower_threat_defense *
redhat openshift_gitops -
cisco secure_dynamic_attributes_connector *
f5 big-ip_domain_name_system *
f5 big-ip_ddos_hybrid_defender 17.1.0
grpc grpc 1.57.0
redhat advanced_cluster_management_for_kubernetes 2.0
cisco fog_director *
microsoft windows_10_22h2 *
f5 big-ip_carrier-grade_nat 17.1.0
linkerd linkerd 2.14.0
redhat enterprise_linux 6.0
redhat enterprise_linux 9.0
redhat build_of_quarkus -
linecorp armeria *
redhat openstack_platform 16.1
microsoft asp.net_core *
istio istio *
netty netty *
dena h2o *
cisco prime_network_registrar *
cisco crosswork_data_gateway *
projectcontour contour *
f5 big-ip_domain_name_system 17.1.0
f5 big-ip_websafe *
f5 big-ip_advanced_firewall_manager 17.1.0
nodejs node.js *
microsoft azure_kubernetes_service *
redhat network_observability_operator -
linkerd linkerd *
redhat migration_toolkit_for_applications 6.0
cisco unified_contact_center_domain_manager -
cisco unified_contact_center_enterprise_-_live_data_server *
cisco iot_field_network_director *
microsoft cbl-mariner *
cisco ultra_cloud_core_-_session_management_function *
f5 big-ip_webaccelerator 17.1.0
redhat run_once_duration_override_operator -
openresty openresty *
redhat self_node_remediation_operator -
redhat quay 3.0.0
traefik traefik *
redhat cryostat 2.0
redhat jboss_fuse 7.0.0
f5 big-ip_fraud_protection_service *
redhat openshift_distributed_tracing -
redhat enterprise_linux 8.0
konghq kong_gateway *
f5 big-ip_next 20.0.1
akka http_server *
ietf http 2.0
f5 big-ip_advanced_web_application_firewall *
redhat process_automation 7.0
cisco secure_web_appliance_firmware *
microsoft windows_10_1809 *
redhat openshift_pipelines -
cisco unified_contact_center_enterprise -
redhat service_telemetry_framework 1.5
redhat ceph_storage 5.0
cisco crosswork_situation_manager -
microsoft visual_studio_2022 *
f5 big-ip_analytics *
apache apisix *
cisco prime_infrastructure *
redhat satellite 6.0
apache tomcat *
microsoft .net *
redhat openshift_sandboxed_containers -
redhat migration_toolkit_for_virtualization -
redhat certification_for_red_hat_enterprise_linux 9.0
redhat migration_toolkit_for_containers -
f5 big-ip_global_traffic_manager 17.1.0
f5 nginx_plus r30
redhat node_maintenance_operator -
microsoft windows_server_2022 -
redhat single_sign-on 7.0
redhat web_terminal -
f5 nginx_plus r29
cisco ultra_cloud_core_-_policy_control_function *
redhat jboss_a-mq_streams -
cisco ultra_cloud_core_-_policy_control_function 2024.01.0
f5 big-ip_local_traffic_manager *
envoyproxy envoy 1.24.10
redhat openshift_container_platform 4.0
microsoft windows_10_1607 *
microsoft windows_11_21h2 *
golang networking *
golang http2 *
redhat jboss_core_services -
redhat logging_subsystem_for_red_hat_openshift -
apple swiftnio_http/2 *
redhat support_for_spring_boot -
f5 nginx *
redhat decision_manager 7.0
f5 big-ip_carrier-grade_nat *
redhat openshift_data_science -
redhat fence_agents_remediation_operator -
redhat openshift_secondary_scheduler_operator -
redhat certification_for_red_hat_enterprise_linux 8.0
debian debian_linux 12.0
facebook proxygen *
microsoft windows_11_22h2 *
f5 big-ip_link_controller 17.1.0
envoyproxy envoy 1.27.0
redhat ansible_automation_platform 2.0
redhat openshift_service_mesh 2.0
CVE-2025-30346

Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 5.4 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N 2.2 2.7

Products Affected

Vendor Product Version
varnish_cache_project varnish_cache *
varnish-software varnish_enterprise 6.0.11
varnish-software varnish_enterprise 6.0.13
varnish-software varnish_enterprise 6.0.12