HTTP/1 Parsing Failure Denial of Service Vulnerability in Varnish Cache

HTTP/1 Parsing Failure Denial of Service Vulnerability in Varnish Cache

CVE-2019-15892 · HIGH Severity

AV:N/AC:L/AU:N/C:N/I:N/A:C

An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests. The assert will cause an automatic restart with a clean cache, which makes it a Denial of Service attack.

Learn more about our Web Application Penetration Testing UK.