FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-02 10:37:19 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
05b7180b-e571-11ee-a1c0-0050569f0b83	www/varnish7 -- Denial of Service The Varnish Development Team reports: A denial of service attack can be performed on Varnish Cacher servers that have the HTTP/2 protocol turned on. An attacker can let the servers HTTP/2 connection control flow window run out of credits indefinitely and prevent progress in the processing of streams, retaining the associated resources. Discovery 2019-04-19 Entry 2024-03-18 varnish7 < 7.4.3 CVE-2023-43622 https://varnish-cache.org/security/VSV00014.html#vsv00014
f25a34b1-910d-11ee-a1a2-641c67a117d8	varnish -- HTTP/2 Rapid Reset Attack Varnish Cache Project reports: A denial of service attack can be performed on Varnish Cache servers that have the HTTP/2 protocol turned on. An attacker can create a large volume of streams and immediately reset them without ever reaching the maximum number of concurrent streams allowed for the session, causing the Varnish server to consume unnecessary resources processing requests for which the response will not be delivered. Discovery 2023-11-13 Entry 2023-12-02 varnish7 < 7.4.2 varnish6 < 6.6.3 CVE-2023-44487 https://varnish-cache.org/security/VSV00013.html

VuXML ID

Description

05b7180b-e571-11ee-a1c0-0050569f0b83

www/varnish7 -- Denial of Service

The Varnish Development Team reports:

A denial of service attack can be performed on Varnish Cacher servers that have the HTTP/2 protocol turned on. An attacker can let the servers HTTP/2 connection control flow window run out of credits indefinitely and prevent progress in the processing of streams, retaining the associated resources.

Discovery 2019-04-19
Entry 2024-03-18
varnish7

< 7.4.3

CVE-2023-43622
https://varnish-cache.org/security/VSV00014.html#vsv00014

f25a34b1-910d-11ee-a1a2-641c67a117d8

varnish -- HTTP/2 Rapid Reset Attack

Varnish Cache Project reports:

A denial of service attack can be performed on Varnish Cache servers that have the HTTP/2 protocol turned on. An attacker can create a large volume of streams and immediately reset them without ever reaching the maximum number of concurrent streams allowed for the session, causing the Varnish server to consume unnecessary resources processing requests for which the response will not be delivered.

Discovery 2023-11-13
Entry 2023-12-02
varnish7

< 7.4.2

varnish6

< 6.6.3

CVE-2023-44487
https://varnish-cache.org/security/VSV00013.html