Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-20637

Опубликовано: 21 окт. 2019
Источник: redhat
CVSS3: 3.1

Описание

An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the connection workspace, such as data structures associated with previous requests within this connection or VCL-related temporary headers.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Software Collectionsrh-varnish5-varnishFix deferred
Red Hat Software Collectionsrh-varnish6-varnishAffected
Red Hat Enterprise Linux 8varnishFixedRHSA-2020:475604.11.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1772362varnish: not clearing pointer between two client requests leads to information disclosure

3.1 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-20637

CVSS3: 7.5
ubuntu
почти 6 лет назад

An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the connection workspace, such as data structures associated with previous requests within this connection or VCL-related temporary headers.

nvd логотип

CVE-2019-20637

CVSS3: 7.5
nvd
почти 6 лет назад

An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the connection workspace, such as data structures associated with previous requests within this connection or VCL-related temporary headers.

debian логотип

CVE-2019-20637

CVSS3: 7.5
debian
почти 6 лет назад

An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6 ...

github логотип

GHSA-h2vv-cmjp-m2w5

CVSS3: 7.5
github
больше 3 лет назад

An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the connection workspace, such as data structures associated with previous requests within this connection or VCL-related temporary headers.

suse-cvrf логотип

openSUSE-SU-2020:0808-1

suse-cvrf
больше 5 лет назад

Security update for varnish

3.1 Low

CVSS3

Уязвимость CVE-2019-20637