Varnish Cache Project Varnish Cache 5.2.1

CPE Details

Varnish Cache Project Varnish Cache 5.2.1
varnish_cache_project
varnish_cache
5.2.1
2022-08-02
14h22 +00:00
2022-08-02
17h21 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:varnish_cache_project:varnish_cache:5.2.1:*:*:*:*:*:*:*

Informations

Vendor

varnish_cache_project

Product

varnish_cache

Version

5.2.1

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2025-30346 2025-03-21 00h00 +00:00 Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests.
5.4
Moyen
CVE-2023-44487 2023-10-10 00h00 +00:00 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
7.5
Haute
CVE-2022-45060 2022-11-08 23h00 +00:00 An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected.
7.5
Haute
CVE-2021-36740 2021-07-14 14h07 +00:00 Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8.
6.5
Moyen