CVE-2013-409012.02.2020, 16:15Varnish HTTP cache before 3.0.4: ACL bugEnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST7.5 HIGHNETWORKLOWNONECVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NmitreCNA------CVEADP------Base ScoreCVSS 3.xEPSS ScorePercentile: 56%VendorProductVersionvarnish_cache_projectvarnish_cache𝑥< 3.0.4𝑥= Vulnerable software versionsDebian ReleasesDebian ProductCodenamevarnishbullseye (security)6.5.1-1+deb11u3fixedbullseye6.5.1-1+deb11u3fixedbookworm7.1.1-1.1fixedsid7.6.0-2fixedtrixie7.6.0-2fixedUbuntu ReleasesUbuntu ProductCodenamevarnisheoannot-affectedbionicnot-affectedxenialnot-affectedtrustynot-affectedKnown Exploits!https://www.varnish-cache.org/lists/pipermail/varnish-announce/2013-June/000684.htmlhttps://www.varnish-cache.org/lists/pipermail/varnish-announce/2013-June/000684.htmlReferenceshttps://www.varnish-cache.org/lists/pipermail/varnish-announce/2013-June/000684.htmlhttps://www.varnish-cache.org/lists/pipermail/varnish-announce/2013-June/000684.html
