Varnish Cache Project Varnish Cache 5.0.0 Beta 1

CPE Details

Varnish Cache Project Varnish Cache 5.0.0 Beta 1
varnish_cache_project
varnish_cache
5.0.0
2022-08-02
14h22 +00:00
2022-08-02
17h21 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:varnish_cache_project:varnish_cache:5.0.0:beta1:*:*:*:*:*:*

Informations

Vendor

varnish_cache_project

Product

varnish_cache

Version

5.0.0

Update

beta1

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2025-30346 2025-03-21 00h00 +00:00 Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests.
5.4
Moyen
CVE-2023-44487 2023-10-10 00h00 +00:00 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
7.5
Haute
CVE-2022-45060 2022-11-08 23h00 +00:00 An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected.
7.5
Haute
CVE-2021-36740 2021-07-14 14h07 +00:00 Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8.
6.5
Moyen
CVE-2017-8807 2017-11-16 01h00 +00:00 vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFP_GetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore transient objects.
9.1
Critique
CVE-2017-12425 2017-08-04 07h00 +00:00 An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert, related to an Integer Overflow. This causes the varnishd worker process to abort and restart, losing the cached contents in the process. An attacker can therefore crash the varnishd worker process on demand and effectively keep it from serving content - a Denial-of-Service attack. The specific source-code filename containing the incorrect statement varies across releases.
7.5
Haute