Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

varnish-cache varnish cache vulnerabilities and exploits

(subscribe to this query)
NA
CVE-2024-30156
Varnish Cache prior to 7.3.2 and 7.4.x prior to 7.4.3 (and prior to 6.0.13 LTS), and Varnish Enterprise 6 prior to 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack.
7.5
CVSSv3
CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Ietf Http 2.0Nghttp2 Nghttp2Netty NettyEnvoyproxy Envoy 1.27.0Envoyproxy Envoy 1.26.4Envoyproxy Envoy 1.25.9Envoyproxy Envoy 1.24.10Eclipse JettyCaddyserver CaddyGolang Http2Golang GoGolang NetworkingF5 Big-ip AnalyticsF5 Big-ip Policy Enforcement ManagerF5 Big-ip Local Traffic ManagerF5 Big-ip Link ControllerF5 Big-ip Global Traffic ManagerF5 Big-ip Fraud Protection ServiceF5 Big-ip Domain Name SystemF5 Big-ip Application Security ManagerF5 Big-ip Application Acceleration ManagerF5 Big-ip Advanced Firewall Manager
4.3
CVSSv3
CVE-2023-1929
The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfc_purgecache_varnish_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber...
Wpfastestcache Wp Fastest Cache
4.3
CVSSv3
CVE-2023-1920
The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_purgecache_varnish_callback function. This makes it possible for unauthenticated malicio...
Wpfastestcache Wp Fastest Cache
7.5
CVSSv3
CVE-2022-45059
An issue exists in Varnish Cache 7.x prior to 7.1.2 and 7.2.x prior to 7.2.1. A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-by-hop, preventing the Varnish Cache servers from forwarding critical headers to the ...
Varnish Cache Project Varnish Cache 7.2.0Varnish Cache Project Varnish CacheFedoraproject Fedora 35Fedoraproject Fedora 36Fedoraproject Fedora 37
7.5
CVSSv3
CVE-2022-45060
An HTTP Request Forgery issue exists in Varnish Cache 5.x and 6.x prior to 6.0.11, 7.x prior to 7.1.2, and 7.2.x prior to 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish serve...
Varnish-software Varnish Cache Plus 6.0.8Varnish Cache Project Varnish Cache 7.2.0Varnish Cache Project Varnish CacheVarnish-software Varnish Cache Plus 6.0.10Varnish-software Varnish Cache Plus 6.0.0Varnish-software Varnish Cache Plus 6.0.1Varnish-software Varnish Cache Plus 6.0.2Varnish-software Varnish Cache Plus 6.0.3Varnish-software Varnish Cache Plus 6.0.4Varnish-software Varnish Cache Plus 6.0.5Varnish-software Varnish Cache Plus 6.0.6Varnish-software Varnish Cache Plus 6.0.7Varnish-software Varnish Cache Plus 6.0.9Varnish-software Varnish CacheFedoraproject Fedora 35Fedoraproject Fedora 36Fedoraproject Fedora 37Debian Debian Linux 10.0Debian Debian Linux 11.0
7.5
CVSSv3
CVE-2022-38150
In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reason phrase of the backend response status line. This is fixed in 7.0.3 and 7.1.1.
Varnish Cache Project Varnish Cache 7.1.0Varnish Cache Project Varnish Cache 7.0.2Varnish Cache Project Varnish Cache 7.0.1Varnish Cache Project Varnish Cache 7.0.0Fedoraproject Fedora 35Fedoraproject Fedora 36
9.1
CVSSv3
CVE-2022-23959
In Varnish Cache prior to 6.6.2 and 7.x prior to 7.0.2, Varnish Cache 6.0 LTS prior to 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x prior to 4.1.11r6 and 6.0.x prior to 6.0.9r4, request smuggling can occur for HTTP/1 connections.
Varnish-software Varnich Cache 4.1Varnish-software Varnich CacheVarnish Cache Project Varnish CacheVarnish-software Varnish CacheVarnish-software Varnish Cache PlusFedoraproject Fedora 35Debian Debian Linux 9.0Debian Debian Linux 10.0Debian Debian Linux 11.0
6.5
CVSSv3
CVE-2021-36740
Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x prior to 6.0.8r3, and Varnish Cache 5.x and 6.x prior to 6.5.2, 6.6.x prior to 6.6.1, and 6.0 LTS ...
Varnish-cache Varnish CacheVarnish-cache Varnish Cache 6.0.8Varnish Cache Project Varnish CacheVarnish-software Varnish CacheFedoraproject Fedora 33Fedoraproject Fedora 34Debian Debian Linux 10.0Debian Debian Linux 11.0
7.5
CVSSv3
CVE-2021-28543
Varnish varnish-modules prior to 0.17.1 allows remote malicious users to cause a denial of service (daemon restart) in some configurations. This does not affect organizations that only install the Varnish Cache product; however, it is common to install both Varnish Cache and varn...
Varnish-cache Varnish-modulesVarnish-cache Varnish-modules KlarlackFedoraproject Fedora 34
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionCVE-2006-4304CVE-2023-26603CVE-2024-28327CVE-2023-50363CVE-2024-21905template injectionCVE-2024-3400cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook