CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
55.5%
An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x
before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a
TLS termination proxy uses PROXY version 2. There can be an assertion
failure and daemon restart, which causes a performance loss.
github.com/varnishcache/varnish-cache/commit/2d8fc1a784a1e26d78c30174923a2b14ee2ebf62
launchpad.net/bugs/cve/CVE-2020-11653
nvd.nist.gov/vuln/detail/CVE-2020-11653
security-tracker.debian.org/tracker/CVE-2020-11653
ubuntu.com/security/notices/USN-5474-1
varnish-cache.org/security/VSV00005.html#vsv00005
www.cve.org/CVERecord?id=CVE-2020-11653
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
55.5%