varnish
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | High-performance HTTP accelerator |
| Version | 7.6.1-1 [extra] |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2154 | 6.6.0-2 | 6.6.1-1 | Medium | Fixed | |
| AVG-502 | 5.1.3-1 | 5.2.1-1 | Medium | Fixed | FS#56376 |
| AVG-374 | 5.1.2-1 | 5.1.3-1 | High | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-36740 | AVG-2154 | Medium | Yes | Url request injection | Varnish Cache before version 6.6.1, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content- Length header for a POST request. |
| CVE-2017-12425 | AVG-374 | High | Yes | Denial of service | A remote, non-authenticated denial of service has been found in varnish < 5.1.3. A wrong if statement in the varnishd source code can trigger an assert when... |
| CVE-2017-8807 | AVG-502 | Medium | Yes | Information disclosure | vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive... |
Advisories
| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 14 Jul 2021 | ASA-202107-28 | AVG-2154 | Medium | url request injection |
| 26 Nov 2017 | ASA-201711-29 | AVG-502 | Medium | information disclosure |
| 10 Aug 2017 | ASA-201708-4 | AVG-374 | High | denial of service |