Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-47905

Опубликовано: 13 мая 2025
Источник: nvd
CVSS3: 5.4
EPSS Низкий

Описание

Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries.

EPSS

Процентиль: 15%
0.00051
Низкий

5.4 Medium

CVSS3

Дефекты

CWE-444

Связанные уязвимости

CVSS3: 5.4
ubuntu
3 месяца назад

Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries.

CVSS3: 8.1
redhat
3 месяца назад

Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries.

CVSS3: 5.4
debian
3 месяца назад

Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterpris ...

CVSS3: 5.4
github
3 месяца назад

Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries.

oracle-oval
около 1 месяца назад

ELSA-2025-8550: varnish security update (IMPORTANT)

EPSS

Процентиль: 15%
0.00051
Низкий

5.4 Medium

CVSS3

Дефекты

CWE-444