Is CVE-2019-15892 actively exploited?

CVE-2019-15892 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2019-15892?

CVE-2019-15892 has a CVSS score of 7.5 (HIGH severity). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

How do I patch CVE-2019-15892?

Patch guidance is available from varnish-software security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2019-15892.

Fix CVE-2019-15892 - HIGH varnish-software varnish cache

Q: Which products are affected by CVE-2019-15892?

4 products: varnish-software varnish cache, varnish cache project varnish cache, varnish cache project varnish cache, debian debian linux.

Description

An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests. The assert will cause an automatic restart with a clean cache, which makes it a Denial of Service attack.

CVSS Metrics

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
Weaknesses: CWE-617

Metadata

Primary Vendor: VARNISH-SOFTWARE
Published: 9/3/2019
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

varnish-software : varnish_cachevarnish_cache_project : varnish_cachevarnish_cache_project : varnish_cachedebian : debian_linux

Remediation Guidance

Executive Summary

View on NIST NVD