Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert, related to an Integer Overflow. This causes the varnishd worker process to abort and restart, losing the cached contents in the process. An attacker can therefore crash the varnishd worker process on demand and effectively keep it from serving content - a Denial-of-Service attack. The specific source-code filename containing the incorrect statement varies across releases.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Varnish HTTP Cache 安全漏洞
Vulnerability Description
Varnish HTTP Cache是丹麦软件开发者Poul-Henning Kamp所研发的一款高性能、开源的反向代理服务器和缓存服务器。该服务器采用Visual Page Cache技术,可实现所有缓存的数据直接从内存读取,从而提高访问速度。 Varnish HTTP Cache中存在安全漏洞。攻击者可利用该漏洞造成拒绝服务(varnishd worker进程中止和重启),并造成进程内容丢失。以下版本受到影响:Varnish HTTP Cache 4.0.1版本至4.0.4版本,4.1.0版本至4.1
CVSS Information
N/A
Vulnerability Type
N/A