Lucene search

K

Veracode Vulnerability DatabaseVERACODE:29240

HistoryFeb 03, 2021 - 7:42 a.m.

Denial Of Service (DoS)

2021-02-0307:42:56

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

10

denial of service

varnish cache

remote attacker

http/1 requests

keep-alive connection

restart

EPSS

0.042

Percentile

92.4%

varnish cache is vulnerable to denial of service. A remote attacker is able to crash the application by sending malicious HTTP/1 requests processed on the same HTTP/1 keep-alive connection. This causes Varnish to restart with a clean cache, resulting in a denial of service condition.

References

lists.opensuse.org/opensuse-security-announce/2019-09/msg00069.html

lists.opensuse.org/opensuse-security-announce/2019-09/msg00089.html

access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.5_release_notes/

access.redhat.com/errata/RHEA-2020:2262

bugzilla.redhat.com/show_bug.cgi?id=1756079

lists.fedoraproject.org/archives/list/[email protected]/message/3OEOCYRU43TWEU2C65F3D6GK64MSWNNK/

lists.fedoraproject.org/archives/list/[email protected]/message/DBAQF6UDRSTURGINIMSMLJR4PTDYWA7C/

lists.fedoraproject.org/archives/list/[email protected]/message/KLSF54TDJWJLINIFEW5V5BKDNY5EQRR3/

seclists.org/bugtraq/2019/Sep/5

varnish-cache.org/security/VSV00003.html

www.debian.org/security/2019/dsa-4514

EPSS

0.042

Percentile

92.4%

Related for VERACODE:29240

nessus9 fedora5 openvas7 prion1 cve1 redhatcve1 osv3 debian1 alpinelinux1 ubuntucve1 suse2 debiancve1 cvelist1 nvd1 rocky1 oraclelinux1 almalinux1 redhat1