Input validation error in Varnish Cache and Varnish Enterprise - #VU79811

 


Published: August 22, 2023


Vulnerability identifier: #VU79811
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Varnish Cache
Varnish Enterprise
Software vendor:
Varnish Software

Description

The vulnerability allows a remote attacker to bypass the authentication process or gain access to sensitive information.

The vulnerability exists due to insufficient validation of base64-encoded data in the vmod-digest module. A remote attacker can send specially crafted data to the server and bypass HTTP Basic authentication or gain access to sensitive information by reading out of band workspace data.


Remediation

Install updates from the vendor's website.
