Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-12425

EPSS 1.05% · P78
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2017-12425

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert, related to an Integer Overflow. This causes the varnishd worker process to abort and restart, losing the cached contents in the process. An attacker can therefore crash the varnishd worker process on demand and effectively keep it from serving content - a Denial-of-Service attack. The specific source-code filename containing the incorrect statement varies across releases.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Varnish HTTP Cache 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Varnish HTTP Cache是丹麦软件开发者Poul-Henning Kamp所研发的一款高性能、开源的反向代理服务器和缓存服务器。该服务器采用Visual Page Cache技术,可实现所有缓存的数据直接从内存读取,从而提高访问速度。 Varnish HTTP Cache中存在安全漏洞。攻击者可利用该漏洞造成拒绝服务(varnishd worker进程中止和重启),并造成进程内容丢失。以下版本受到影响:Varnish HTTP Cache 4.0.1版本至4.0.4版本,4.1.0版本至4.1
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2017-12425

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2017-12425

登录查看更多情报信息。

Same Patch Batch · n/a · 2017-08-04 · 29 CVEs total

CVE-2017-11657Dashlane 安全漏洞
CVE-2017-12418ImageMagick 安全漏洞
CVE-2015-9107Zoho ManageEngine OpManager 安全漏洞
CVE-2017-12427ImageMagick 缓冲区错误漏洞
CVE-2017-12424shadow 安全漏洞
CVE-2017-12435ImageMagick 资源管理错误漏洞
CVE-2017-12434ImageMagick 输入验证错误漏洞
CVE-2017-12433ImageMagick 缓冲区错误漏洞
CVE-2017-12432ImageMagick 资源管理错误漏洞
CVE-2017-12431ImageMagick 安全漏洞
CVE-2017-12430ImageMagick 资源管理错误漏洞
CVE-2017-12429ImageMagick 资源管理错误漏洞
CVE-2017-12428ImageMagick 缓冲区错误漏洞
CVE-2017-12413AXIS 2100 跨站脚本漏洞
CVE-2017-12481Ledger 缓冲区错误漏洞
CVE-2017-12459GNU Binutils Binary File Descriptor库安全漏洞
CVE-2017-12458GNU Binutils Binary File Descriptor 安全漏洞
CVE-2017-12457GNU Binutils Binary File Descriptor库安全漏洞
CVE-2017-12456GNU Binutils 安全漏洞
CVE-2017-12455GNU Binutils Binary File Descriptor库安全漏洞

Showing top 20 of 29 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2017-12425

No comments yet

Leave a comment