An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests. The assert will cause an automatic restart with a clean cache, which makes it a Denial of Service attack.
References
Configurations
History
07 Nov 2023, 03:05
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
02 Aug 2022, 19:00
Type | Values Removed | Values Added |
---|---|---|
First Time |
Varnish-software varnish Cache
Varnish-software |
|
CPE | cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:lts:*:*:* |
02 Aug 2022, 16:29
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:* | |
First Time |
Varnish Cache Project varnish Cache
Varnish Cache Project |
21 Jun 2022, 16:58
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:varnish-cache:varnish_cache:*:*:*:*:*:*:*:* | |
First Time |
Varnish-cache varnish Cache
|
Information
Published : 2019-09-03 21:15
Updated : 2023-12-10 12:59
NVD link : CVE-2019-15892
Mitre link : CVE-2019-15892
CVE.ORG link : CVE-2019-15892
JSON object : View
Products Affected
varnish-software
- varnish_cache
debian
- debian_linux
varnish_cache_project
- varnish_cache
CWE
CWE-617
Reachable Assertion