CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-38150

In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reason phrase of the backend response status line. This is fixed in 7.0.3 and 7.1.1.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 49.1%

CVSS Severity

CVSS v3 Score 7.5

References

Products affected by CVE-2022-38150

Varnish Cache Project » Varnish Cache » Version: 7.0.0

cpe:2.3:a:varnish_cache_project:varnish_cache:7.0.0
Varnish Cache Project » Varnish Cache » Version: 7.0.1

cpe:2.3:a:varnish_cache_project:varnish_cache:7.0.1
Varnish Cache Project » Varnish Cache » Version: 7.0.2

cpe:2.3:a:varnish_cache_project:varnish_cache:7.0.2
Varnish Cache Project » Varnish Cache » Version: 7.1.0

cpe:2.3:a:varnish_cache_project:varnish_cache:7.1.0
Fedoraproject » Fedora » Version: 35

cpe:2.3:o:fedoraproject:fedora:35
Fedoraproject » Fedora » Version: 36

cpe:2.3:o:fedoraproject:fedora:36

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-38150

Products

Pricing

Contact Us