varnish-cache Varnish 4.1.0 tp-1

CPE Details

varnish-cache Varnish 4.1.0 tp-1
varnish-cache
varnish
4.1.0
2019-10-16
15h43 +00:00
2022-08-02
17h02 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:varnish-cache:varnish:4.1.0:tp-1:*:*:*:*:*:*

Informations

Vendor

varnish-cache

Product

varnish

Version

4.1.0

Update

tp-1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2017-8807 2017-11-16 01h00 +00:00 vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFP_GetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore transient objects.
9.1
Critical
CVE-2017-12425 2017-08-04 07h00 +00:00 An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert, related to an Integer Overflow. This causes the varnishd worker process to abort and restart, losing the cached contents in the process. An attacker can therefore crash the varnishd worker process on demand and effectively keep it from serving content - a Denial-of-Service attack. The specific source-code filename containing the incorrect statement varies across releases.
7.5
High