Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-12425

Опубликовано: 04 авг. 2017
Источник: nvd
CVSS3: 7.5
CVSS2: 5
EPSS Низкий

Описание

An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert, related to an Integer Overflow. This causes the varnishd worker process to abort and restart, losing the cached contents in the process. An attacker can therefore crash the varnishd worker process on demand and effectively keep it from serving content - a Denial-of-Service attack. The specific source-code filename containing the incorrect statement varies across releases.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:varnish-cache:varnish:4.0.2:rc-1:*:*:*:*:*:*
cpe:2.3:a:varnish-cache:varnish:4.0.3:rc-1:*:*:*:*:*:*
cpe:2.3:a:varnish-cache:varnish:4.0.3:rc-2:*:*:*:*:*:*
cpe:2.3:a:varnish-cache:varnish:4.0.3:rc-2-proper:*:*:*:*:*:*
cpe:2.3:a:varnish-cache:varnish:4.0.3:rc-3:*:*:*:*:*:*
cpe:2.3:a:varnish_cache_project:varnish_cache:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:varnish_cache_project:varnish_cache:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:varnish_cache_project:varnish_cache:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:varnish_cache_project:varnish_cache:4.0.4:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:varnish-cache:varnish:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.0:beta1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.0:technology_preview1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.1:beta1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.1:beta2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.2:beta1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.2:beta2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.3:beta1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.3:beta2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.4:*:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.4:beta1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.4:beta2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.4:beta3:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.5:*:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.5:beta1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.5:beta2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.6:*:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:4.1.7:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:varnish_cache_project:varnish_cache:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:varnish_cache_project:varnish_cache:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:varnish_cache_project:varnish_cache:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:varnish_cache_project:varnish_cache:5.1.2:*:*:*:*:*:*:*

EPSS

Процентиль: 77%
0.01046
Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-190

Связанные уязвимости

ubuntu логотип

CVE-2017-12425

CVSS3: 7.5
ubuntu
больше 8 лет назад

An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert, related to an Integer Overflow. This causes the varnishd worker process to abort and restart, losing the cached contents in the process. An attacker can therefore crash the varnishd worker process on demand and effectively keep it from serving content - a Denial-of-Service attack. The specific source-code filename containing the incorrect statement varies across releases.

redhat логотип

CVE-2017-12425

CVSS3: 5.3
redhat
больше 8 лет назад

An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert, related to an Integer Overflow. This causes the varnishd worker process to abort and restart, losing the cached contents in the process. An attacker can therefore crash the varnishd worker process on demand and effectively keep it from serving content - a Denial-of-Service attack. The specific source-code filename containing the incorrect statement varies across releases.

debian логотип

CVE-2017-12425

CVSS3: 7.5
debian
больше 8 лет назад

An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1 ...

github логотип

GHSA-jhqh-84v8-3cw2

CVSS3: 7.5
github
больше 3 лет назад

An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert, related to an Integer Overflow. This causes the varnishd worker process to abort and restart, losing the cached contents in the process. An attacker can therefore crash the varnishd worker process on demand and effectively keep it from serving content - a Denial-of-Service attack. The specific source-code filename containing the incorrect statement varies across releases.

EPSS

Процентиль: 77%
0.01046
Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-190