Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline directive that provides a VCL configuration file containing inline C code; (2) change the ownership of the master process via param.set, stop, and start directives; (3) read the initial line of an arbitrary file via a vcl.load directive; or (4) conduct cross-site request forgery (CSRF) attacks that leverage a victim's location on a trusted network and improper input validation of directives. NOTE: the vendor disputes this report, saying that it is "fundamentally misguided and pointless."
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Varnish Cache Authorization Issue Vulnerability
Vulnerability Description
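Varnish Cache is a reverse-proxy web caching server. Varnish Cache (Varnish) has an authorization issue vulnerability: the command line interface (aka server CLI or administration interface) in the master process of the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline directive that provides a VCL configuration file containing inline C code; (2) change the ownership of the master process via param.set, stop, and start directives; (3) via vcl.load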
CVSS Information
N/A
Vulnerability Type
N/A