Varnish Cache Project: >> Varnish Cache >> 2.1.2 Security Vulnerabilities
Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-03-21
CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Known exploited
CVSS Score
7.5
EPSS Score
0.944
Published
2023-10-10
Varnish HTTP cache before 3.0.4: ACL bug
CVSS Score
7.5
EPSS Score
0.004
Published
2020-02-12
Varnish before 3.0.5 allows remote attackers to cause a denial of service (child-process crash and temporary caching outage) via a GET request with trailing whitespace characters and no URI.
CVSS Score
5.0
EPSS Score
0.013
Published
2013-11-01