VYPR

Varnish

by Varnish.projects.linpro

Source repositories

CVEs (6)

  • CVE-2009-4488CriJan 13, 2010
    risk 0.68cvss 9.8epss 0.13

    Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal…

  • CVE-2017-8807CriNov 16, 2017
    risk 0.59cvss 9.1epss 0.04

    vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFP_GetStorage buffer is larger than intended in certain circumstances involving…

  • CVE-2017-12425HigAug 4, 2017
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert, related to an Integer Overflow.…

  • CVE-2009-2936Apr 5, 2010
    risk 0.08cvss epss 0.64

    The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code…

  • CVE-2013-4484Nov 1, 2013
    risk 0.00cvss epss 0.03

    Varnish before 3.0.5 allows remote attackers to cause a denial of service (child-process crash and temporary caching outage) via a GET request with trailing whitespace characters and no URI.

  • CVE-2013-0325Mar 27, 2013
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in the Varnish module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta2 for Drupal allow remote attackers to inject arbitrary web script or HTML via crafted a (1) Watchdog message or (2) admin setting.