vulnerability
CentOS Linux: CVE-2019-15892: Moderate: varnish:6 security, bug fix, and enhancement update (CESA-2020:4756)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Sep 3, 2019 | Nov 5, 2020 | May 25, 2023 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
Sep 3, 2019
Added
Nov 5, 2020
Modified
May 25, 2023
Description
An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests. The assert will cause an automatic restart with a clean cache, which makes it a Denial of Service attack.
Solution(s)
centos-upgrade-varnishcentos-upgrade-varnish-develcentos-upgrade-varnish-docscentos-upgrade-varnish-modulescentos-upgrade-varnish-modules-debuginfocentos-upgrade-varnish-modules-debugsource
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.