FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-25 21:13:12 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
b0c83e1a-8153-11ec-84f9-641c67a117d8	varnish -- Request Smuggling Vulnerability Varnish Cache Project reports: A request smuggling attack can be performed on HTTP/1 connections on Varnish Cache servers. The smuggled request would be treated as an additional request by the Varnish server, go through normal VCL processing, and injected as a spurious response on the client connection. Discovery 2022-01-25 Entry 2022-01-29 varnish6 < 6.6.2 varnish4 < 4.1.11r6 CVE-2022-23959 https://varnish-cache.org/security/VSV00008.html https://docs.varnish-software.com/security/VSV00008/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23959
5b8d8dee-6088-11ed-8c5e-641c67a117d8	varnish -- HTTP/2 Request Forgery Vulnerability Varnish Cache Project reports: A request forgery attack can be performed on Varnish Cache servers that have the HTTP/2 protocol turned on. An attacker may introduce characters through the HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This may in turn be used to successfully exploit vulnerabilities in a server behind the Varnish server. Discovery 2022-11-08 Entry 2022-11-09 varnish7 < 7.2.1 varnish6 le 6.6.2 https://varnish-cache.org/security/VSV00011.html
f25a34b1-910d-11ee-a1a2-641c67a117d8	varnish -- HTTP/2 Rapid Reset Attack Varnish Cache Project reports: A denial of service attack can be performed on Varnish Cache servers that have the HTTP/2 protocol turned on. An attacker can create a large volume of streams and immediately reset them without ever reaching the maximum number of concurrent streams allowed for the session, causing the Varnish server to consume unnecessary resources processing requests for which the response will not be delivered. Discovery 2023-11-13 Entry 2023-12-02 varnish7 < 7.4.2 varnish6 < 6.6.3 CVE-2023-44487 https://varnish-cache.org/security/VSV00013.html

VuXML ID

Description

b0c83e1a-8153-11ec-84f9-641c67a117d8

varnish -- Request Smuggling Vulnerability

Varnish Cache Project reports:

A request smuggling attack can be performed on HTTP/1 connections on Varnish Cache servers. The smuggled request would be treated as an additional request by the Varnish server, go through normal VCL processing, and injected as a spurious response on the client connection.

Discovery 2022-01-25
Entry 2022-01-29
varnish6

< 6.6.2

varnish4

< 4.1.11r6

CVE-2022-23959
https://varnish-cache.org/security/VSV00008.html
https://docs.varnish-software.com/security/VSV00008/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23959

5b8d8dee-6088-11ed-8c5e-641c67a117d8

varnish -- HTTP/2 Request Forgery Vulnerability

Varnish Cache Project reports:

A request forgery attack can be performed on Varnish Cache servers that have the HTTP/2 protocol turned on. An attacker may introduce characters through the HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This may in turn be used to successfully exploit vulnerabilities in a server behind the Varnish server.

Discovery 2022-11-08
Entry 2022-11-09
varnish7

< 7.2.1

varnish6

le 6.6.2

https://varnish-cache.org/security/VSV00011.html

f25a34b1-910d-11ee-a1a2-641c67a117d8

varnish -- HTTP/2 Rapid Reset Attack

Varnish Cache Project reports:

A denial of service attack can be performed on Varnish Cache servers that have the HTTP/2 protocol turned on. An attacker can create a large volume of streams and immediately reset them without ever reaching the maximum number of concurrent streams allowed for the session, causing the Varnish server to consume unnecessary resources processing requests for which the response will not be delivered.

Discovery 2023-11-13
Entry 2023-12-02
varnish7

< 7.4.2

varnish6

< 6.6.3

CVE-2023-44487
https://varnish-cache.org/security/VSV00013.html