Back to bug 1756079
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Guilherme de Almeida Suckevicz | 2019-09-26 17:34:39 UTC | CC | ingvar | |
| Guilherme de Almeida Suckevicz | 2019-09-26 17:48:52 UTC | Depends On | 1756081 | |
| Guilherme de Almeida Suckevicz | 2019-09-26 18:20:01 UTC | Doc Text | An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests. The assert will cause an automatic restart with a clean cache, which makes it a Denial of Service attack. | |
| Guilherme de Almeida Suckevicz | 2019-09-26 18:35:08 UTC | Blocks | 1756091 | |
| Dhananjay Arunesh | 2019-09-27 05:09:04 UTC | Priority | high | medium |
| Severity | high | medium | ||
| Huzaifa S. Sidhpurwala | 2019-09-27 05:24:05 UTC | Fixed In Version | varnish 6.2.1 | |
| Doc Text | An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests. The assert will cause an automatic restart with a clean cache, which makes it a Denial of Service attack. | A flaw was found in the way varnish parsed certain HTTP/1 requests. A remote attacker could use this flaw to crash varnish by sending specially-crafted multiple HTTP/1 requests processed on the same HTTP/1 keepalive connection. This causes varnish to restart with a clean cache, thereby causing denial of service. | ||
| Huzaifa S. Sidhpurwala | 2019-09-27 05:26:08 UTC | Depends On | 1756208 | |
| Huzaifa S. Sidhpurwala | 2019-09-27 05:28:11 UTC | Doc Text | A flaw was found in the way varnish parsed certain HTTP/1 requests. A remote attacker could use this flaw to crash varnish by sending specially-crafted multiple HTTP/1 requests processed on the same HTTP/1 keepalive connection. This causes varnish to restart with a clean cache, thereby causing denial of service. | A flaw was found in the way varnish parsed certain HTTP/1 requests. A remote attacker could use this flaw to crash varnish by sending specially-crafted multiple HTTP/1 requests processed on the same HTTP/1 keep-alive connection. This causes varnish to restart with a clean cache, thereby causing denial of service. |
| Ingvar Hagelund | 2019-09-27 08:38:09 UTC | Status | NEW | ON_QA |
| RaTasha Tillery-Smith | 2019-09-27 13:36:50 UTC | Doc Text | A flaw was found in the way varnish parsed certain HTTP/1 requests. A remote attacker could use this flaw to crash varnish by sending specially-crafted multiple HTTP/1 requests processed on the same HTTP/1 keep-alive connection. This causes varnish to restart with a clean cache, thereby causing denial of service. | A flaw was found in the way Varnish parsed certain HTTP/1 requests. A remote attacker could use this flaw to crash Varnish by sending specially crafted multiple HTTP/1 requests processed on the same HTTP/1 keep-alive connection. This causes Varnish to restart with a clean cache, causing a denial of service. |
| Luboš Uhliarik | 2019-10-21 11:30:25 UTC | CC | huzaifas | |
| Flags | needinfo?(huzaifas) | |||
| Huzaifa S. Sidhpurwala | 2019-10-22 04:45:22 UTC | Flags | needinfo?(huzaifas) | |
| Huzaifa S. Sidhpurwala | 2019-10-22 04:48:56 UTC | Depends On | 1763958 | |
| Huzaifa S. Sidhpurwala | 2019-10-22 04:55:14 UTC | Status | ON_QA | NEW |
| Pedro Sampaio | 2019-10-22 17:34:40 UTC | CC | psampaio | |
| Fixed In Version | varnish 6.2.1 | varnish 6.0.4, varnish 6.2.1 | ||
| Product Security DevOps Team | 2020-11-04 02:21:38 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2020-11-04 02:21:38 UTC | |||
| errata-xmlrpc | 2020-11-04 03:37:10 UTC | Link ID | Red Hat Product Errata RHSA-2020:4756 |
Back to bug 1756079