FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
5b8d8dee-6088-11ed-8c5e-641c67a117d8	varnish -- HTTP/2 Request Forgery Vulnerability Varnish Cache Project reports: A request forgery attack can be performed on Varnish Cache servers that have the HTTP/2 protocol turned on. An attacker may introduce characters through the HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This may in turn be used to successfully exploit vulnerabilities in a server behind the Varnish server. Discovery 2022-11-08 Entry 2022-11-09 varnish7 < 7.2.1 varnish6 le 6.6.2 https://varnish-cache.org/security/VSV00011.html
b10d1afa-6087-11ed-8c5e-641c67a117d8	varnish -- Request Smuggling Vulnerability Varnish Cache Project reports: A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-by-hop, preventing the Varnish Cache servers from forwarding critical headers to the backend. Among the headers that can be filtered this way are both Content-Length and Host, making it possible for an attacker to both break the HTTP/1 protocol framing, and bypass request to host routing in VCL. Discovery 2022-11-08 Entry 2022-11-09 varnish7 < 7.2.1 https://varnish-cache.org/security/VSV00010.html
c3610f39-18f1-11ed-9854-641c67a117d8	varnish -- Denial of Service Vulnerability Varnish Cache Project reports: A denial of service attack can be performed against Varnish Cache servers by specially formatting the reason phrase of the backend response status line. In order to execute an attack, the attacker would have to be able to influence the HTTP/1 responses that the Varnish Server receives from its configured backends. A successful attack would cause the Varnish Server to assert and automatically restart. Discovery 2022-08-09 Entry 2022-08-10 varnish7 < 7.1.1 https://varnish-cache.org/security/VSV00009.html

VuXML ID

Description

5b8d8dee-6088-11ed-8c5e-641c67a117d8

varnish -- HTTP/2 Request Forgery Vulnerability

Varnish Cache Project reports:

A request forgery attack can be performed on Varnish Cache servers that have the HTTP/2 protocol turned on. An attacker may introduce characters through the HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This may in turn be used to successfully exploit vulnerabilities in a server behind the Varnish server.

Discovery 2022-11-08
Entry 2022-11-09
varnish7

< 7.2.1

varnish6

le 6.6.2

https://varnish-cache.org/security/VSV00011.html

b10d1afa-6087-11ed-8c5e-641c67a117d8

varnish -- Request Smuggling Vulnerability

Varnish Cache Project reports:

A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-by-hop, preventing the Varnish Cache servers from forwarding critical headers to the backend. Among the headers that can be filtered this way are both Content-Length and Host, making it possible for an attacker to both break the HTTP/1 protocol framing, and bypass request to host routing in VCL.

Discovery 2022-11-08
Entry 2022-11-09
varnish7

< 7.2.1

https://varnish-cache.org/security/VSV00010.html

c3610f39-18f1-11ed-9854-641c67a117d8

varnish -- Denial of Service Vulnerability

Varnish Cache Project reports:

A denial of service attack can be performed against Varnish Cache servers by specially formatting the reason phrase of the backend response status line. In order to execute an attack, the attacker would have to be able to influence the HTTP/1 responses that the Varnish Server receives from its configured backends. A successful attack would cause the Varnish Server to assert and automatically restart.

Discovery 2022-08-09
Entry 2022-08-10
varnish7

< 7.1.1

https://varnish-cache.org/security/VSV00009.html