CVE-2017-8807

Published: 16/11/2017 Updated: 02/08/2022
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9
VMScore: 570
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Vulnerability Summary

vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache 4.1.x prior to 4.1.9 and 5.x prior to 5.2.1 allows remote malicious users to obtain sensitive information from process memory because a VFP_GetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore transient objects.

Vulnerable Product

varnish-cache varnish

varnish cache project varnish cache

debian debian linux 9.0

Vendor Advisories

Debian Bug report logs - #881808 varnish: CVE-2017-8807: Data leak - '-sfile' Stevedore transient objects Package: src:varnish; Maintainer for src:varnish is Varnish Package Maintainers <team+varnish-team@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Wed, 15 Nov 2017 11:45:01 UTC Se ...
'shamger' and Carlo Cannas discovered that a programming error in Varnish, a state of the art, high-performance web accelerator, may result in disclosure of memory contents or denial of service. See varnish-cache.org/security/VSV00002.html for details. For the stable distribution (stretch), this problem has been fixed in version 5.0.0-7+deb ...
vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFP_GetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore transient objects ...