The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of Varnish

Varnish Cache: assertion error via HTTP Proxy Protocol V2
An attacker can force an assertion error via HTTP Proxy Protocol V2 of Varnish Cache, in order to trigger a denial of service...
CVE-2020-11653, VIGILANCE-VUL-31509
Varnish Cache: information disclosure via Workspace Pointer
An attacker can bypass access restrictions to data via Workspace Pointer of Varnish Cache, in order to obtain sensitive information...
CVE-2019-20637, VIGILANCE-VUL-30680, VSV00004
Varnish Cache: assertion error via HTTP/1 Keepalive
An attacker can force an assertion error via HTTP/1 Keepalive of Varnish Cache, in order to trigger a denial of service...
CVE-2019-15892, DSA-4514-1, openSUSE-SU-2019:2184-1, openSUSE-SU-2019:2221-1, VIGILANCE-VUL-30231, VSV00003
Varnish Cache: information disclosure via Stevedores
An attacker can bypass access restrictions to data via Stevedores of Varnish Cache, in order to obtain sensitive information...
CVE-2017-8807, DSA-4034-1, VIGILANCE-VUL-24446, VSV00002
Varnish Cache: assertion error via Transfer-Encoding Chunked
An attacker can force an assertion error via Transfer-Encoding Chunked of Varnish Cache, in order to trigger a denial of service...
CVE-2017-12425, DSA-3924-1, FEDORA-2017-bfbc5de1b1, VIGILANCE-VUL-23425
Web servers: creating client queries via the Proxy header
An attacker can send a query with a malicious Proxy header to a web service hosting a CGI script that creates web client queries, so that these queries go through the attacker's proxy...
1117414, 1994719, 1994725, 1999671, APPLE-SA-2017-09-25-1, bulletinjul2017, bulletinoct2016, c05324759, CERTFR-2016-AVI-240, CERTFR-2017-AVI-012, CERTFR-2017-AVI-022, cpujan2018, CVE-2016-1000103-REJECT, CVE-2016-1000104, CVE-2016-1000105-REJECT, CVE-2016-1000107, CVE-2016-1000108, CVE-2016-1000109, CVE-2016-1000110, CVE-2016-1000111, CVE-2016-1000212, CVE-2016-5385, CVE-2016-5386, CVE-2016-5387, CVE-2016-5388, DLA-1883-1, DLA-553-1, DLA-568-1, DLA-583-1, DLA-749-1, DRUPAL-SA-CORE-2016-003, DSA-2019-131, DSA-3623-1, DSA-3631-1, DSA-3642-1, EZSA-2016-001, FEDORA-2016-07e9059072, FEDORA-2016-2c324d0670, FEDORA-2016-340e361b90, FEDORA-2016-4094bd4ad6, FEDORA-2016-4e7db3d437, FEDORA-2016-604616dc33, FEDORA-2016-683d0b257b, FEDORA-2016-970edb82d4, FEDORA-2016-9c8cf5912c, FEDORA-2016-9de7253cc7, FEDORA-2016-9fd814a7f2, FEDORA-2016-9fd9bfab9e, FEDORA-2016-a29c65b00f, FEDORA-2016-aef8a45afe, FEDORA-2016-c1b01b9278, FEDORA-2016-df0726ae26, FEDORA-2016-e2c8f5f95a, FEDORA-2016-ea5e284d34, HPSBUX03665, HT207615, HT208144, HT208221, httpoxy, JSA10770, JSA10774, openSUSE-SU-2016:1824-1, openSUSE-SU-2016:2054-1, openSUSE-SU-2016:2055-1, openSUSE-SU-2016:2115-1, openSUSE-SU-2016:2120-1, openSUSE-SU-2016:2252-1, openSUSE-SU-2016:2536-1, openSUSE-SU-2016:3092-1, openSUSE-SU-2016:3157-1, openSUSE-SU-2017:0223-1, openSUSE-SU-2020:0086-1, RHSA-2016:1420-01, RHSA-2016:1421-01, RHSA-2016:1422-01, RHSA-2016:1538-01, RHSA-2016:1609-01, RHSA-2016:1610-01, RHSA-2016:1611-01, RHSA-2016:1612-01, RHSA-2016:1613-01, RHSA-2016:1624-01, RHSA-2016:1626-01, RHSA-2016:1627-01, RHSA-2016:1628-01, RHSA-2016:1629-01, RHSA-2016:1630-01, RHSA-2016:1635-01, RHSA-2016:1636-01, RHSA-2016:1648-01, RHSA-2016:1649-01, RHSA-2016:1650-01, RHSA-2016:1978-01, RHSA-2016:2045-01, RHSA-2016:2046-01, SSA:2016-203-02, SSA:2016-358-01, SSA:2016-363-01, SUSE-SU-2017:1632-1, SUSE-SU-2017:1660-1, SUSE-SU-2019:0223-1, SUSE-SU-2020:0114-1, SUSE-SU-2020:0234-1, USN-3038-1, USN-3045-1, USN-3134-1, USN-3177-1, USN-3177-2, 
USN-3585-1, VIGILANCE-VUL-20143, VU#797896
Varnish: cache poisoning via CR
An attacker can use special HTTP headers with Varnish, in order to read or alter cache data...
CVE-2015-8852, DSA-3553-1, openSUSE-SU-2016:1316-1, VIGILANCE-VUL-16444
Varnish: buffer overflow of Content-Length
An attacker, who is located behind Varnish, can generate a buffer overflow via a Content-Length on Varnish, in order to trigger a denial of service, and possibly to execute code...
FEDORA-2015-4079, VIGILANCE-VUL-16340
Varnish: denial of service via Vary
An attacker, who is located behind Varnish, can send a malicious Vary header to Varnish, in order to trigger a denial of service...
VIGILANCE-VUL-14985
Varnish: denial of service via spaces
An attacker can send a malformed GET query to Varnish, in order to trigger a denial of service...
1367, BID-63451, CVE-2013-4484, DSA-2814-1, FEDORA-2013-24018, FEDORA-2013-24023, MDVSA-2014:036, openSUSE-SU-2013:1679-1, openSUSE-SU-2013:1683-1, VIGILANCE-VUL-13675