Varnish Cache Project Varnish Cache 3.0.3 Release Candidate 1

CPE Details

Varnish Cache Project Varnish Cache 3.0.3 Release Candidate 1
varnish_cache_project
varnish_cache
3.0.3
2022-08-02
14h20 +00:00
2022-08-02
17h21 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.3:rc1:*:*:*:*:*:*

Informations

Vendor

varnish_cache_project

Product

varnish_cache

Version

3.0.3

Update

rc1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2025-30346 2025-03-21 00h00 +00:00 Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests.
5.4
Medium
CVE-2023-44487 2023-10-10 00h00 +00:00 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
7.5
High
CVE-2013-4090 2020-02-12 14h13 +00:00 Varnish HTTP cache before 3.0.4: ACL bug
7.5
High
CVE-2015-8852 2016-04-25 12h00 +00:00 Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP request.
7.5
High
CVE-2013-0345 2014-05-08 12h00 +00:00 varnish 3.0.3 uses world-readable permissions for the /var/log/varnish/ directory and the log files in the directory, which allows local users to obtain sensitive information by reading the files. NOTE: some of these details are obtained from third party information.
2.1
CVE-2013-4484 2013-11-01 00h00 +00:00 Varnish before 3.0.5 allows remote attackers to cause a denial of service (child-process crash and temporary caching outage) via a GET request with trailing whitespace characters and no URI.
5