vulnerability
FreeBSD: VID-c3610f39-18f1-11ed-9854-641c67a117d8: varnish -- Denial of Service Vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Aug 10, 2022 | Nov 4, 2022 | Dec 10, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
Aug 10, 2022
Added
Nov 4, 2022
Modified
Dec 10, 2025
Description
Varnish Cache Project reports: A denial of service attack can be performed against Varnish Cache servers by specially formatting the reason phrase of the backend response status line. In order to execute an attack, the attacker would have to be able to influence the HTTP/1 responses that the Varnish Server receives from its configured backends. A successful attack would cause the Varnish Server to assert and automatically restart.
Solution
freebsd-upgrade-package-varnish7
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.