Is CVE-2019-20637 actively exploited?

CVE-2019-20637 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2019-20637?

CVE-2019-20637 has a CVSS score of 7.5 (HIGH severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

How do I patch CVE-2019-20637?

Patch guidance is available from varnish-cache security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2019-20637.

Fix CVE-2019-20637 - HIGH varnish-cache varnish cache

Q: Which products are affected by CVE-2019-20637?

5 products: varnish-cache varnish cache, varnish-cache varnish cache, varnish-software varnish cache, opensuse backports sle, opensuse leap.

Description

An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the connection workspace, such as data structures associated with previous requests within this connection or VCL-related temporary headers.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none
Weaknesses: CWE-212

Metadata

Primary Vendor: VARNISH-CACHE
Published: 4/8/2020
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

varnish-cache : varnish_cachevarnish-cache : varnish_cachevarnish-software : varnish_cacheopensuse : backports_sleopensuse : leap

Remediation Guidance

Executive Summary

View on NIST NVD