FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
5b8d8dee-6088-11ed-8c5e-641c67a117d8 | varnish -- HTTP/2 Request Forgery Vulnerability
Varnish Cache Project reports:
A request forgery attack can be performed on Varnish Cache servers that
have the HTTP/2 protocol turned on. An attacker may introduce
characters through the HTTP/2 pseudo-headers that are invalid in the
context of an HTTP/1 request line, causing the Varnish server to
produce invalid HTTP/1 requests to the backend. This may in turn be
used to successfully exploit vulnerabilities in a server behind the
Varnish server.
Discovery 2022-11-08 Entry 2022-11-09 varnish7
< 7.2.1
varnish6
le 6.6.2
https://varnish-cache.org/security/VSV00011.html
|
b10d1afa-6087-11ed-8c5e-641c67a117d8 | varnish -- Request Smuggling Vulnerability
Varnish Cache Project reports:
A request smuggling attack can be performed on Varnish Cache servers by
requesting that certain headers are made hop-by-hop, preventing the
Varnish Cache servers from forwarding critical headers to the backend.
Among the headers that can be filtered this way are both Content-Length
and Host, making it possible for an attacker to both break the HTTP/1
protocol framing, and bypass request to host routing in VCL.
Discovery 2022-11-08 Entry 2022-11-09 varnish7
< 7.2.1
https://varnish-cache.org/security/VSV00010.html
|
c3610f39-18f1-11ed-9854-641c67a117d8 | varnish -- Denial of Service Vulnerability
Varnish Cache Project reports:
A denial of service attack can be performed against Varnish Cache
servers by specially formatting the reason phrase of the backend response
status line. In order to execute an attack, the attacker would have to
be able to influence the HTTP/1 responses that the Varnish Server
receives from its configured backends. A successful attack would cause
the Varnish Server to assert and automatically restart.
Discovery 2022-08-09 Entry 2022-08-10 varnish7
< 7.1.1
https://varnish-cache.org/security/VSV00009.html
|