An issue exists in Varnish Cache prior to 6.0.4 LTS, and 6.1.x and 6.2.x prior to 6.2.1. An HTTP/1 parsing failure allows a remote malicious user to trigger an assert by sending crafted HTTP/1 requests. The assert will cause an automatic restart with a clean cache, which makes it a Denial of Service attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
varnish cache project varnish cache |
||
varnish-software varnish cache |
||
debian debian linux 10.0 |