
CVE-2019-20637

Published: 08/04/2020 Updated: 02/08/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

An issue exists in Varnish Cache prior to 6.0.5 LTS, 6.1.x and 6.2.x prior to 6.2.2, and 6.3.x prior to 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the connection workspace, such as data structures associated with previous requests within this connection or VCL-related temporary headers.

Vulnerable Product

varnish-cache varnish cache

varnish-software varnish cache

opensuse leap 15.1

opensuse backports sle 15.0

Vendor Advisories

Synopsis: Moderate: varnish:6 security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerabi ...
Debian Bug report logs - #956305: varnish: CVE-2019-20637. Package: src:varnish; Maintainer for src:varnish is Varnish Package Maintainers <team+varnish-team@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 9 Apr 2020 15:00:01 UTC; Severity: important; Tags: security, upstream; Found ...
Several security issues were fixed in Varnish Cache ...