CVE-2019-15892

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2019-15892
An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests. The assert will cause an automatic restart with a clean cache, which makes it a Denial of Service attack.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.8 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00069.html
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00089.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3OEOCYRU43TWEU2C65F3D6GK64MSWNNK/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DBAQF6UDRSTURGINIMSMLJR4PTDYWA7C/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLSF54TDJWJLINIFEW5V5BKDNY5EQRR3/
https://seclists.org/bugtraq/2019/Sep/5 Mailing List Third Party Advisory
https://varnish-cache.org/security/VSV00003.html Vendor Advisory
https://www.debian.org/security/2019/dsa-4514 Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:lts:*:*:*
cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*
cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
History

07 Nov 2023, 03:05

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KLSF54TDJWJLINIFEW5V5BKDNY5EQRR3/', 'name': 'FEDORA-2019-8a85a90af6', 'tags': [], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DBAQF6UDRSTURGINIMSMLJR4PTDYWA7C/', 'name': 'FEDORA-2019-feec5e0afd', 'tags': [], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OEOCYRU43TWEU2C65F3D6GK64MSWNNK/', 'name': 'FEDORA-2019-a0a0cdef92', 'tags': [], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLSF54TDJWJLINIFEW5V5BKDNY5EQRR3/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3OEOCYRU43TWEU2C65F3D6GK64MSWNNK/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DBAQF6UDRSTURGINIMSMLJR4PTDYWA7C/ -

02 Aug 2022, 19:00

Type Values Removed Values Added
First Time Varnish-software varnish Cache
Varnish-software
CPE cpe:2.3:a:varnish-cache:varnish:*:*:*:*:lts:*:*:* cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:lts:*:*:*

02 Aug 2022, 16:29

Type Values Removed Values Added
CPE cpe:2.3:a:varnish-cache:varnish_cache:*:*:*:*:*:*:*:* cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*
First Time Varnish Cache Project varnish Cache
Varnish Cache Project

21 Jun 2022, 16:58

Type Values Removed Values Added
CPE cpe:2.3:a:varnish-cache:varnish:*:*:*:*:*:*:*:* cpe:2.3:a:varnish-cache:varnish_cache:*:*:*:*:*:*:*:*
First Time Varnish-cache varnish Cache
Information

Published : 2019-09-03 21:15

Updated : 2023-12-10 12:59

NVD link : CVE-2019-15892

Mitre link : CVE-2019-15892

CVE.ORG link : CVE-2019-15892

JSON object : View

Products Affected

varnish-software

  • varnish_cache

debian

  • debian_linux

varnish_cache_project

  • varnish_cache
CWE
CWE-617

Reachable Assertion