Description
An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and
6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to
trigger an assert by sending crafted HTTP/1 requests. The assert will cause
an automatic restart with a clean cache, which makes it a Denial of Service
attack.
Package
Upstream: | released
(6.2.1-1)
|
Ubuntu 18.04 LTS: | not-affected
(code not present)
|
Ubuntu 20.04 LTS: | not-affected
(6.2.1-2)
|
Ubuntu 14.04 ESM: | not-affected
(code not present)
|
Patches:
Updated: 2022-04-13 13:47:15 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)