varnish

Description: High-performance HTTP accelerator
Version: 7.6.0-2 [extra]

Resolved

Group | Affected | Fixed | Severity | Status | Ticket
AVG-2154 | 6.6.0-2 | 6.6.1-1 | Medium | Fixed |
AVG-502 | 5.1.3-1 | 5.2.1-1 | Medium | Fixed | FS#56376
AVG-374 | 5.1.2-1 | 5.1.3-1 | High | Fixed |
Issue | Group | Severity | Remote | Type | Description
CVE-2021-36740 | AVG-2154 | Medium | Yes | Url request injection | Varnish Cache before version 6.6.1, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request.
CVE-2017-12425 | AVG-374 | High | Yes | Denial of service | A remote, non-authenticated denial of service has been found in varnish < 5.1.3. A wrong if statement in the varnishd source code can trigger an assert when...
CVE-2017-8807 | AVG-502 | Medium | Yes | Information disclosure | vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive...

Advisories

Date | Advisory | Group | Severity | Type
14 Jul 2021 | ASA-202107-28 | AVG-2154 | Medium | url request injection
26 Nov 2017 | ASA-201711-29 | AVG-502 | Medium | information disclosure
10 Aug 2017 | ASA-201708-4 | AVG-374 | High | denial of service