Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-30156

Published: 24/03/2024 Updated: 25/03/2024

Vulnerability Summary

Varnish Cache prior to 7.3.2 and 7.4.x prior to 7.4.3 (and prior to 6.0.13 LTS), and Varnish Enterprise 6 prior to 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack.

Vulnerability Trend

Vendor Advisories

Debian CVElist Bug Report Logs: varnish: CVE-2024-30156
Debian Bug report logs - #1068455 varnish: CVE-2024-30156 Package: src:varnish; Maintainer for src:varnish is Varnish Package Maintainers <team+varnish-team@trackerdebianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Fri, 5 Apr 2024 14:54:02 UTC Severity: important Tags: security, upstream Found in ...

References

https://varnish-cache.org/security/VSV00014.htmlhttps://varnish-cache.org/docs/7.5/whats-new/changes-7.5.html#securityhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068455https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4654CVE-2023-49606encryptionNULL pointer dereferenceCVE-2024-4439CVE-2024-4649race conditionCVE-2024-27202CVE-2024-34566
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook