CVE-2013-4090EUVD-2013-402112.02.2020, 16:15Varnish HTTP cache before 3.0.4: ACL bugEnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTPrimary7.5 HIGHNETWORKLOWNONECVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NBase ScoreCVSS 3.xEPSS ScorePercentile: 57%Affected Products (NVD)VendorProductVersionvarnish_cache_projectvarnish_cache𝑥< 3.0.4𝑥= Vulnerable software versionsDebian ReleasesDebian ProductCodenamevarnishbookworm7.1.1-1.1fixedbullseye6.5.1-1+deb11u3fixedbullseye (security)6.5.1-1+deb11u3fixedsid7.6.0-2fixedtrixie7.6.0-2fixedUbuntu ReleasesUbuntu ProductCodenamevarnishbionicnot-affectedeoannot-affectedtrustynot-affectedxenialnot-affectedKnown Exploits!https://www.varnish-cache.org/lists/pipermail/varnish-announce/2013-June/000684.htmlhttps://www.varnish-cache.org/lists/pipermail/varnish-announce/2013-June/000684.htmlReferenceshttps://www.varnish-cache.org/lists/pipermail/varnish-announce/2013-June/000684.htmlhttps://www.varnish-cache.org/lists/pipermail/varnish-announce/2013-June/000684.html
