CVE-2024-30156 (GCVE-0-2024-30156)
Vulnerability from cvelistv5
Published
2024-03-24 00:00
Modified
2024-11-21 19:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
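Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack. The CNA container of this record leaves the CWE, vendor, product and version fields as n/a, so the affected versions are stated only in this description; the CISA ADP container in the record below classifies the issue as CWE-770 (Allocation of Resources Without Limits or Throttling) and scores it CVSS 3.1 7.5 (HIGH), with availability as the only impacted property.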
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-30156",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-21T19:07:53.735967Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T19:12:19.270Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:25:03.059Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://varnish-cache.org/security/VSV00014.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://varnish-cache.org/docs/7.5/whats-new/changes-7.5.html#security"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-24T00:25:31.543164",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://varnish-cache.org/security/VSV00014.html"
},
{
"url": "https://varnish-cache.org/docs/7.5/whats-new/changes-7.5.html#security"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-30156",
"datePublished": "2024-03-24T00:00:00",
"dateReserved": "2024-03-24T00:00:00",
"dateUpdated": "2024-11-21T19:12:19.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-30156\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2024-03-24T01:15:45.530\",\"lastModified\":\"2024-11-21T20:15:40.067\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack.\"},{\"lang\":\"es\",\"value\":\"Varnish Cache anterior a 7.3.2 y 7.4.x anterior a 7.4.3 (y anterior a 6.0.13 LTS), y Varnish Enterprise 6 anterior a 6.0.12r6, permite el agotamiento de los cr\u00e9ditos para una ventana de flujo de control de conexi\u00f3n HTTP/2, tambi\u00e9n conocido como ataque de ventana rota.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"references\":[{\"url\":\"https://varnish-cache.org/docs/7.5/whats-new/changes-7.5.html#security\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://varnish-cache.org/security/VSV00014.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://varnish-cache.org/docs/7.5/whats-new/changes-7.5.html#security\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://varnish-cache.org/security/VSV00014.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://varnish-cache.org/security/VSV00014.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://varnish-cache.org/docs/7.5/whats-new/changes-7.5.html#security\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T01:25:03.059Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-30156\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-21T19:07:53.735967Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"CWE-770 Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-01T19:27:53.214Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://varnish-cache.org/security/VSV00014.html\"}, {\"url\": \"https://varnish-cache.org/docs/7.5/whats-new/changes-7.5.html#security\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish 
Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2024-03-24T00:25:31.543164\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-30156\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-21T19:12:19.270Z\", \"dateReserved\": \"2024-03-24T00:00:00\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2024-03-24T00:00:00\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
RHSA-2024:1690
Vulnerability from csaf_redhat
Published
2024-04-08 09:21
Modified
2025-11-21 18:58
Summary
Red Hat Security Advisory: varnish security update
Notes
Topic
An update for varnish is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.
Security Fix(es):
* varnish: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for varnish is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don\u0027t have to create the same web page over and over again, giving the website a significant speed up.\n\nSecurity Fix(es):\n\n* varnish: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:1690",
"url": "https://access.redhat.com/errata/RHSA-2024:1690"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1690.json"
}
],
"title": "Red Hat Security Advisory: varnish security update",
"tracking": {
"current_release_date": "2025-11-21T18:58:30+00:00",
"generator": {
"date": "2025-11-21T18:58:30+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2024:1690",
"initial_release_date": "2024-04-08T09:21:57+00:00",
"revision_history": [
{
"date": "2024-04-08T09:21:57+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-04-08T09:21:57+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:58:30+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.src::varnish:6",
"product": {
"name": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.src (varnish:6)",
"product_id": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.src::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.13-1.module%2Bel8.9.0%2B21617%2B7578fa11?arch=src\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.src::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.src (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.src::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.9.0%2B21617%2B7578fa11?arch=src\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"product": {
"name": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64 (varnish:6)",
"product_id": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.13-1.module%2Bel8.9.0%2B21617%2B7578fa11?arch=x86_64\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"product": {
"name": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64 (varnish:6)",
"product_id": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.13-1.module%2Bel8.9.0%2B21617%2B7578fa11?arch=x86_64\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"product": {
"name": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64 (varnish:6)",
"product_id": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.13-1.module%2Bel8.9.0%2B21617%2B7578fa11?arch=x86_64\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64 (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.9.0%2B21617%2B7578fa11?arch=x86_64\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64 (varnish:6)",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.9.0%2B21617%2B7578fa11?arch=x86_64\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64 (varnish:6)",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.9.0%2B21617%2B7578fa11?arch=x86_64\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"product": {
"name": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x (varnish:6)",
"product_id": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.13-1.module%2Bel8.9.0%2B21617%2B7578fa11?arch=s390x\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"product": {
"name": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x (varnish:6)",
"product_id": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.13-1.module%2Bel8.9.0%2B21617%2B7578fa11?arch=s390x\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"product": {
"name": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x (varnish:6)",
"product_id": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.13-1.module%2Bel8.9.0%2B21617%2B7578fa11?arch=s390x\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.9.0%2B21617%2B7578fa11?arch=s390x\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x (varnish:6)",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.9.0%2B21617%2B7578fa11?arch=s390x\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x (varnish:6)",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.9.0%2B21617%2B7578fa11?arch=s390x\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"product": {
"name": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le (varnish:6)",
"product_id": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.13-1.module%2Bel8.9.0%2B21617%2B7578fa11?arch=ppc64le\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"product": {
"name": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le (varnish:6)",
"product_id": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.13-1.module%2Bel8.9.0%2B21617%2B7578fa11?arch=ppc64le\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"product": {
"name": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le (varnish:6)",
"product_id": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.13-1.module%2Bel8.9.0%2B21617%2B7578fa11?arch=ppc64le\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.9.0%2B21617%2B7578fa11?arch=ppc64le\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le (varnish:6)",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.9.0%2B21617%2B7578fa11?arch=ppc64le\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le (varnish:6)",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.9.0%2B21617%2B7578fa11?arch=ppc64le\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"product": {
"name": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64 (varnish:6)",
"product_id": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.13-1.module%2Bel8.9.0%2B21617%2B7578fa11?arch=aarch64\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"product": {
"name": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64 (varnish:6)",
"product_id": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.13-1.module%2Bel8.9.0%2B21617%2B7578fa11?arch=aarch64\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"product": {
"name": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64 (varnish:6)",
"product_id": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.13-1.module%2Bel8.9.0%2B21617%2B7578fa11?arch=aarch64\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64 (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.9.0%2B21617%2B7578fa11?arch=aarch64\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64 (varnish:6)",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.9.0%2B21617%2B7578fa11?arch=aarch64\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64 (varnish:6)",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.9.0%2B21617%2B7578fa11?arch=aarch64\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
}
],
"category": "architecture",
"name": "aarch64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6"
},
"product_reference": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6"
},
"product_reference": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6"
},
"product_reference": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.src (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.src::varnish:6"
},
"product_reference": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.src::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6"
},
"product_reference": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.src (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.src::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.src::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-30156",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271486"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Varnish cache server, with HTTP/2 support enabled, that may allow a Denial of Service type of attack. A malicious actor can cause the server to run out of credits during the HTTP/2 connection control flow. As a consequence, the server will stop to properly process the active HTTP streams, retaining the already allocated resources, leading to resource starvation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "varnish: HTTP/2 Broken Window Attack may result in denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2024-30156 represents a important severity issue due to its potential to cause widespread denial of service (DoS) across Varnish Cacher servers with HTTP/2 protocol enabled. By exploiting this vulnerability, attackers can exhaust the server\u0027s HTTP/2 connection control flow window credits, thereby halting the processing of streams and indefinitely retaining associated resources. This can lead to a complete service outage, impacting the availability and performance of web services relying on Varnish Cache. Given the prevalence of HTTP/2 adoption for its performance benefits, the vulnerability poses a significant risk to web infrastructure, necessitating immediate mitigation measures to prevent exploitation and mitigate the impact on affected systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.src::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.src::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-30156"
},
{
"category": "external",
"summary": "RHBZ#2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-30156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156"
},
{
"category": "external",
"summary": "https://varnish-cache.org/security/VSV00014.html",
"url": "https://varnish-cache.org/security/VSV00014.html"
}
],
"release_date": "2024-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-08T09:21:57+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.src::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.src::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1690"
},
{
"category": "workaround",
"details": "A possible mitigation for this issue is to disable http2 support until the package can be updated.\nThis can be performed by running the following command:\n\n~~~\nvarnishadm param.set feature -http2\n~~~\n\nNote: you must remove `h2` from the list of protocols if your TLS terminator is advertising it with ALPN.\n\nIt\u0027s also possible to use the `MAIN.sc_bankrupt` counter to monitor possible on-going attacks to the varnish server.",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.src::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.src::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.src::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.src::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "varnish: HTTP/2 Broken Window Attack may result in denial of service"
}
]
}
rhsa-2024_1690
Vulnerability from csaf_redhat
Published
2024-04-08 09:21
Modified
2024-11-15 18:35
Summary
Red Hat Security Advisory: varnish security update
Notes
Topic
An update for varnish is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.
Security Fix(es):
* varnish: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for varnish is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don\u0027t have to create the same web page over and over again, giving the website a significant speed up.\n\nSecurity Fix(es):\n\n* varnish: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:1690",
"url": "https://access.redhat.com/errata/RHSA-2024:1690"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1690.json"
}
],
"title": "Red Hat Security Advisory: varnish security update",
"tracking": {
"current_release_date": "2024-11-15T18:35:39+00:00",
"generator": {
"date": "2024-11-15T18:35:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2024:1690",
"initial_release_date": "2024-04-08T09:21:57+00:00",
"revision_history": [
{
"date": "2024-04-08T09:21:57+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-04-08T09:21:57+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T18:35:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish:6:8090020240328195416:a75119d5",
"product": {
"name": "varnish:6:8090020240328195416:a75119d5",
"product_id": "varnish:6:8090020240328195416:a75119d5",
"product_identification_helper": {
"purl": "pkg:rpmmod/redhat/varnish@6:8090020240328195416:a75119d5"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.src",
"product": {
"name": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.src",
"product_id": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.13-1.module%2Bel8.9.0%2B21617%2B7578fa11?arch=src"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.src",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.src",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.9.0%2B21617%2B7578fa11?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64",
"product": {
"name": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64",
"product_id": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.13-1.module%2Bel8.9.0%2B21617%2B7578fa11?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64",
"product": {
"name": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64",
"product_id": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.13-1.module%2Bel8.9.0%2B21617%2B7578fa11?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64",
"product": {
"name": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64",
"product_id": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.13-1.module%2Bel8.9.0%2B21617%2B7578fa11?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.9.0%2B21617%2B7578fa11?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.9.0%2B21617%2B7578fa11?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.9.0%2B21617%2B7578fa11?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x",
"product": {
"name": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x",
"product_id": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.13-1.module%2Bel8.9.0%2B21617%2B7578fa11?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x",
"product": {
"name": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x",
"product_id": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.13-1.module%2Bel8.9.0%2B21617%2B7578fa11?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x",
"product": {
"name": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x",
"product_id": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.13-1.module%2Bel8.9.0%2B21617%2B7578fa11?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.9.0%2B21617%2B7578fa11?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.9.0%2B21617%2B7578fa11?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.9.0%2B21617%2B7578fa11?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le",
"product": {
"name": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le",
"product_id": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.13-1.module%2Bel8.9.0%2B21617%2B7578fa11?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le",
"product": {
"name": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le",
"product_id": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.13-1.module%2Bel8.9.0%2B21617%2B7578fa11?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le",
"product": {
"name": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le",
"product_id": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.13-1.module%2Bel8.9.0%2B21617%2B7578fa11?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.9.0%2B21617%2B7578fa11?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.9.0%2B21617%2B7578fa11?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.9.0%2B21617%2B7578fa11?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64",
"product": {
"name": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64",
"product_id": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.13-1.module%2Bel8.9.0%2B21617%2B7578fa11?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64",
"product": {
"name": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64",
"product_id": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.13-1.module%2Bel8.9.0%2B21617%2B7578fa11?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64",
"product": {
"name": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64",
"product_id": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.13-1.module%2Bel8.9.0%2B21617%2B7578fa11?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.9.0%2B21617%2B7578fa11?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.9.0%2B21617%2B7578fa11?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.9.0%2B21617%2B7578fa11?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish:6:8090020240328195416:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5"
},
"product_reference": "varnish:6:8090020240328195416:a75119d5",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64 as a component of varnish:6:8090020240328195416:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64"
},
"product_reference": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le as a component of varnish:6:8090020240328195416:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le"
},
"product_reference": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x as a component of varnish:6:8090020240328195416:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x"
},
"product_reference": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.src as a component of varnish:6:8090020240328195416:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.src"
},
"product_reference": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.src",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64 as a component of varnish:6:8090020240328195416:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64"
},
"product_reference": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64 as a component of varnish:6:8090020240328195416:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64"
},
"product_reference": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le as a component of varnish:6:8090020240328195416:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le"
},
"product_reference": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x as a component of varnish:6:8090020240328195416:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x"
},
"product_reference": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64 as a component of varnish:6:8090020240328195416:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64"
},
"product_reference": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64 as a component of varnish:6:8090020240328195416:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64"
},
"product_reference": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le as a component of varnish:6:8090020240328195416:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le"
},
"product_reference": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x as a component of varnish:6:8090020240328195416:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x"
},
"product_reference": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64 as a component of varnish:6:8090020240328195416:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64"
},
"product_reference": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64 as a component of varnish:6:8090020240328195416:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le as a component of varnish:6:8090020240328195416:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x as a component of varnish:6:8090020240328195416:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.src as a component of varnish:6:8090020240328195416:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.src"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.src",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64 as a component of varnish:6:8090020240328195416:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64 as a component of varnish:6:8090020240328195416:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le as a component of varnish:6:8090020240328195416:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x as a component of varnish:6:8090020240328195416:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64 as a component of varnish:6:8090020240328195416:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64 as a component of varnish:6:8090020240328195416:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le as a component of varnish:6:8090020240328195416:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x as a component of varnish:6:8090020240328195416:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64 as a component of varnish:6:8090020240328195416:a75119d5 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-30156",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271486"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Varnish cache server, with HTTP/2 support enabled, that may allow a denial-of-service attack. A malicious actor can cause the server to run out of credits during the HTTP/2 connection control flow. As a consequence, the server will stop properly processing the active HTTP streams while retaining the already allocated resources, leading to resource starvation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "varnish: HTTP/2 Broken Window Attack may result in denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2024-30156 represents an important severity issue due to its potential to cause widespread denial of service (DoS) across Varnish Cache servers with the HTTP/2 protocol enabled. By exploiting this vulnerability, attackers can exhaust the server\u0027s HTTP/2 connection control flow window credits, thereby halting the processing of streams and indefinitely retaining associated resources. This can lead to a complete service outage, impacting the availability and performance of web services relying on Varnish Cache. Given the prevalence of HTTP/2 adoption for its performance benefits, the vulnerability poses a significant risk to web infrastructure, necessitating immediate mitigation measures to prevent exploitation and mitigate the impact on affected systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.src",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.src",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-30156"
},
{
"category": "external",
"summary": "RHBZ#2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-30156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156"
},
{
"category": "external",
"summary": "https://varnish-cache.org/security/VSV00014.html",
"url": "https://varnish-cache.org/security/VSV00014.html"
}
],
"release_date": "2024-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-08T09:21:57+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.src",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.src",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1690"
},
{
"category": "workaround",
"details": "A possible mitigation for this issue is to disable HTTP/2 support until the package can be updated.\nThis can be performed by running the following command:\n\n~~~\nvarnishadm param.set feature -http2\n~~~\n\nNote: you must remove `h2` from the list of protocols if your TLS terminator is advertising it with ALPN.\n\nIt\u0027s also possible to use the `MAIN.sc_bankrupt` counter to monitor for possible ongoing attacks against the Varnish server.",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.src",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.src",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.src",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.src",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x",
"AppStream-8.9.0.Z.MAIN:varnish:6:8090020240328195416:a75119d5:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "varnish: HTTP/2 Broken Window Attack may result in denial of service"
}
]
}
rhsa-2024:1691
Vulnerability from csaf_redhat
Published
2024-04-08 09:19
Modified
2025-11-21 18:58
Summary
Red Hat Security Advisory: varnish security update
Notes
Topic
An update for varnish is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.
Security Fix(es):
* varnish: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for varnish is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don\u0027t have to create the same web page over and over again, giving the website a significant speed up.\n\nSecurity Fix(es):\n\n* varnish: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:1691",
"url": "https://access.redhat.com/errata/RHSA-2024:1691"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1691.json"
}
],
"title": "Red Hat Security Advisory: varnish security update",
"tracking": {
"current_release_date": "2025-11-21T18:58:27+00:00",
"generator": {
"date": "2025-11-21T18:58:27+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2024:1691",
"initial_release_date": "2024-04-08T09:19:22+00:00",
"revision_history": [
{
"date": "2024-04-08T09:19:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-04-08T09:19:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:58:27+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat CodeReady Linux Builder (v. 9)",
"product": {
"name": "Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.6.2-4.el9_3.1.src",
"product": {
"name": "varnish-0:6.6.2-4.el9_3.1.src",
"product_id": "varnish-0:6.6.2-4.el9_3.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-4.el9_3.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.6.2-4.el9_3.1.aarch64",
"product": {
"name": "varnish-0:6.6.2-4.el9_3.1.aarch64",
"product_id": "varnish-0:6.6.2-4.el9_3.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-4.el9_3.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.6.2-4.el9_3.1.aarch64",
"product": {
"name": "varnish-docs-0:6.6.2-4.el9_3.1.aarch64",
"product_id": "varnish-docs-0:6.6.2-4.el9_3.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.6.2-4.el9_3.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.6.2-4.el9_3.1.aarch64",
"product": {
"name": "varnish-devel-0:6.6.2-4.el9_3.1.aarch64",
"product_id": "varnish-devel-0:6.6.2-4.el9_3.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.6.2-4.el9_3.1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.6.2-4.el9_3.1.ppc64le",
"product": {
"name": "varnish-0:6.6.2-4.el9_3.1.ppc64le",
"product_id": "varnish-0:6.6.2-4.el9_3.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-4.el9_3.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.6.2-4.el9_3.1.ppc64le",
"product": {
"name": "varnish-docs-0:6.6.2-4.el9_3.1.ppc64le",
"product_id": "varnish-docs-0:6.6.2-4.el9_3.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.6.2-4.el9_3.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.6.2-4.el9_3.1.ppc64le",
"product": {
"name": "varnish-devel-0:6.6.2-4.el9_3.1.ppc64le",
"product_id": "varnish-devel-0:6.6.2-4.el9_3.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.6.2-4.el9_3.1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.6.2-4.el9_3.1.i686",
"product": {
"name": "varnish-0:6.6.2-4.el9_3.1.i686",
"product_id": "varnish-0:6.6.2-4.el9_3.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-4.el9_3.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.6.2-4.el9_3.1.i686",
"product": {
"name": "varnish-devel-0:6.6.2-4.el9_3.1.i686",
"product_id": "varnish-devel-0:6.6.2-4.el9_3.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.6.2-4.el9_3.1?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.6.2-4.el9_3.1.x86_64",
"product": {
"name": "varnish-0:6.6.2-4.el9_3.1.x86_64",
"product_id": "varnish-0:6.6.2-4.el9_3.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-4.el9_3.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.6.2-4.el9_3.1.x86_64",
"product": {
"name": "varnish-docs-0:6.6.2-4.el9_3.1.x86_64",
"product_id": "varnish-docs-0:6.6.2-4.el9_3.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.6.2-4.el9_3.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.6.2-4.el9_3.1.x86_64",
"product": {
"name": "varnish-devel-0:6.6.2-4.el9_3.1.x86_64",
"product_id": "varnish-devel-0:6.6.2-4.el9_3.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.6.2-4.el9_3.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.6.2-4.el9_3.1.s390x",
"product": {
"name": "varnish-0:6.6.2-4.el9_3.1.s390x",
"product_id": "varnish-0:6.6.2-4.el9_3.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-4.el9_3.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.6.2-4.el9_3.1.s390x",
"product": {
"name": "varnish-docs-0:6.6.2-4.el9_3.1.s390x",
"product_id": "varnish-docs-0:6.6.2-4.el9_3.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.6.2-4.el9_3.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.6.2-4.el9_3.1.s390x",
"product": {
"name": "varnish-devel-0:6.6.2-4.el9_3.1.s390x",
"product_id": "varnish-devel-0:6.6.2-4.el9_3.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.6.2-4.el9_3.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-4.el9_3.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.aarch64"
},
"product_reference": "varnish-0:6.6.2-4.el9_3.1.aarch64",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-4.el9_3.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.i686"
},
"product_reference": "varnish-0:6.6.2-4.el9_3.1.i686",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-4.el9_3.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.ppc64le"
},
"product_reference": "varnish-0:6.6.2-4.el9_3.1.ppc64le",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-4.el9_3.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.s390x"
},
"product_reference": "varnish-0:6.6.2-4.el9_3.1.s390x",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-4.el9_3.1.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.src"
},
"product_reference": "varnish-0:6.6.2-4.el9_3.1.src",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-4.el9_3.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.x86_64"
},
"product_reference": "varnish-0:6.6.2-4.el9_3.1.x86_64",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-4.el9_3.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.aarch64"
},
"product_reference": "varnish-devel-0:6.6.2-4.el9_3.1.aarch64",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-4.el9_3.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.i686"
},
"product_reference": "varnish-devel-0:6.6.2-4.el9_3.1.i686",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-4.el9_3.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.ppc64le"
},
"product_reference": "varnish-devel-0:6.6.2-4.el9_3.1.ppc64le",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-4.el9_3.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.s390x"
},
"product_reference": "varnish-devel-0:6.6.2-4.el9_3.1.s390x",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-4.el9_3.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.x86_64"
},
"product_reference": "varnish-devel-0:6.6.2-4.el9_3.1.x86_64",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-4.el9_3.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.aarch64"
},
"product_reference": "varnish-docs-0:6.6.2-4.el9_3.1.aarch64",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-4.el9_3.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.ppc64le"
},
"product_reference": "varnish-docs-0:6.6.2-4.el9_3.1.ppc64le",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-4.el9_3.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.s390x"
},
"product_reference": "varnish-docs-0:6.6.2-4.el9_3.1.s390x",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-4.el9_3.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.x86_64"
},
"product_reference": "varnish-docs-0:6.6.2-4.el9_3.1.x86_64",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-4.el9_3.1.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.aarch64"
},
"product_reference": "varnish-0:6.6.2-4.el9_3.1.aarch64",
"relates_to_product_reference": "CRB-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-4.el9_3.1.i686 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.i686"
},
"product_reference": "varnish-0:6.6.2-4.el9_3.1.i686",
"relates_to_product_reference": "CRB-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-4.el9_3.1.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.ppc64le"
},
"product_reference": "varnish-0:6.6.2-4.el9_3.1.ppc64le",
"relates_to_product_reference": "CRB-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-4.el9_3.1.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.s390x"
},
"product_reference": "varnish-0:6.6.2-4.el9_3.1.s390x",
"relates_to_product_reference": "CRB-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-4.el9_3.1.src as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.src"
},
"product_reference": "varnish-0:6.6.2-4.el9_3.1.src",
"relates_to_product_reference": "CRB-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-4.el9_3.1.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.x86_64"
},
"product_reference": "varnish-0:6.6.2-4.el9_3.1.x86_64",
"relates_to_product_reference": "CRB-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-4.el9_3.1.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.aarch64"
},
"product_reference": "varnish-devel-0:6.6.2-4.el9_3.1.aarch64",
"relates_to_product_reference": "CRB-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-4.el9_3.1.i686 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.i686"
},
"product_reference": "varnish-devel-0:6.6.2-4.el9_3.1.i686",
"relates_to_product_reference": "CRB-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-4.el9_3.1.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.ppc64le"
},
"product_reference": "varnish-devel-0:6.6.2-4.el9_3.1.ppc64le",
"relates_to_product_reference": "CRB-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-4.el9_3.1.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.s390x"
},
"product_reference": "varnish-devel-0:6.6.2-4.el9_3.1.s390x",
"relates_to_product_reference": "CRB-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-4.el9_3.1.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.x86_64"
},
"product_reference": "varnish-devel-0:6.6.2-4.el9_3.1.x86_64",
"relates_to_product_reference": "CRB-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-4.el9_3.1.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.aarch64"
},
"product_reference": "varnish-docs-0:6.6.2-4.el9_3.1.aarch64",
"relates_to_product_reference": "CRB-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-4.el9_3.1.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.ppc64le"
},
"product_reference": "varnish-docs-0:6.6.2-4.el9_3.1.ppc64le",
"relates_to_product_reference": "CRB-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-4.el9_3.1.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.s390x"
},
"product_reference": "varnish-docs-0:6.6.2-4.el9_3.1.s390x",
"relates_to_product_reference": "CRB-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-4.el9_3.1.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.x86_64"
},
"product_reference": "varnish-docs-0:6.6.2-4.el9_3.1.x86_64",
"relates_to_product_reference": "CRB-9.3.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-30156",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271486"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Varnish cache server, with HTTP/2 support enabled, that may allow a denial-of-service attack. A malicious actor can cause the server to run out of credits during the HTTP/2 connection control flow. As a consequence, the server will stop properly processing the active HTTP streams while retaining the already allocated resources, leading to resource starvation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "varnish: HTTP/2 Broken Window Attack may result in denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2024-30156 represents an Important severity issue due to its potential to cause widespread denial of service (DoS) across Varnish Cache servers with the HTTP/2 protocol enabled. By exploiting this vulnerability, attackers can exhaust the server\u0027s HTTP/2 connection control flow window credits, thereby halting the processing of streams and indefinitely retaining associated resources. This can lead to a complete service outage, impacting the availability and performance of web services relying on Varnish Cache. Given the prevalence of HTTP/2 adoption for its performance benefits, the vulnerability poses a significant risk to web infrastructure, necessitating immediate mitigation measures to prevent exploitation and mitigate the impact on affected systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.aarch64",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.i686",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.ppc64le",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.s390x",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.x86_64",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.aarch64",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.i686",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.ppc64le",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.s390x",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.x86_64",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.aarch64",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.ppc64le",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.s390x",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.x86_64",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.aarch64",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.i686",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.ppc64le",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.s390x",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.src",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.x86_64",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.aarch64",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.i686",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.ppc64le",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.s390x",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.x86_64",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.aarch64",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.ppc64le",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.s390x",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-30156"
},
{
"category": "external",
"summary": "RHBZ#2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-30156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156"
},
{
"category": "external",
"summary": "https://varnish-cache.org/security/VSV00014.html",
"url": "https://varnish-cache.org/security/VSV00014.html"
}
],
"release_date": "2024-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-08T09:19:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.aarch64",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.i686",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.ppc64le",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.s390x",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.x86_64",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.aarch64",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.i686",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.ppc64le",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.s390x",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.x86_64",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.aarch64",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.ppc64le",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.s390x",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.x86_64",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.aarch64",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.i686",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.ppc64le",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.s390x",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.src",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.x86_64",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.aarch64",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.i686",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.ppc64le",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.s390x",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.x86_64",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.aarch64",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.ppc64le",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.s390x",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1691"
},
{
"category": "workaround",
"details": "A possible mitigation for this issue is to disable http2 support until the package can be updated.\nThis can be performed by running the following command:\n\n~~~\nvarnishadm param.set feature -http2\n~~~\n\nNote: you must remove `h2` from the list of protocols if your TLS terminator is advertising it with ALPN.\n\nIt\u0027s also possible to use the `MAIN.sc_bankrupt` counter to monitor possible on-going attacks to the varnish server.",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.aarch64",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.i686",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.ppc64le",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.s390x",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.x86_64",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.aarch64",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.i686",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.ppc64le",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.s390x",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.x86_64",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.aarch64",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.ppc64le",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.s390x",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.x86_64",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.aarch64",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.i686",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.ppc64le",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.s390x",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.src",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.x86_64",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.aarch64",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.i686",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.ppc64le",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.s390x",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.x86_64",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.aarch64",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.ppc64le",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.s390x",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.aarch64",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.i686",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.ppc64le",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.s390x",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.x86_64",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.aarch64",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.i686",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.ppc64le",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.s390x",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.x86_64",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.aarch64",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.ppc64le",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.s390x",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.x86_64",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.aarch64",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.i686",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.ppc64le",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.s390x",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.src",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.x86_64",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.aarch64",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.i686",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.ppc64le",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.s390x",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.x86_64",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.aarch64",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.ppc64le",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.s390x",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "varnish: HTTP/2 Broken Window Attack may result in denial of service"
}
]
}
rhsa-2024_2820
Vulnerability from csaf_redhat
Published
2024-05-13 01:26
Modified
2024-11-15 18:36
Summary
Red Hat Security Advisory: varnish security update
Notes
Topic
An update for varnish is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.
Security Fix(es):
* varnish: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for varnish is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don\u0027t have to create the same web page over and over again, giving the website a significant speed up.\n\nSecurity Fix(es):\n\n* varnish: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:2820",
"url": "https://access.redhat.com/errata/RHSA-2024:2820"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2820.json"
}
],
"title": "Red Hat Security Advisory: varnish security update",
"tracking": {
"current_release_date": "2024-11-15T18:36:55+00:00",
"generator": {
"date": "2024-11-15T18:36:55+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2024:2820",
"initial_release_date": "2024-05-13T01:26:24+00:00",
"revision_history": [
{
"date": "2024-05-13T01:26:24+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-13T01:26:24+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T18:36:55+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.2::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product": {
"name": "Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.2::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-devel-0:6.6.2-3.el9_2.2.aarch64",
"product": {
"name": "varnish-devel-0:6.6.2-3.el9_2.2.aarch64",
"product_id": "varnish-devel-0:6.6.2-3.el9_2.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.6.2-3.el9_2.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "varnish-0:6.6.2-3.el9_2.2.aarch64",
"product": {
"name": "varnish-0:6.6.2-3.el9_2.2.aarch64",
"product_id": "varnish-0:6.6.2-3.el9_2.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-3.el9_2.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.6.2-3.el9_2.2.aarch64",
"product": {
"name": "varnish-docs-0:6.6.2-3.el9_2.2.aarch64",
"product_id": "varnish-docs-0:6.6.2-3.el9_2.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.6.2-3.el9_2.2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-devel-0:6.6.2-3.el9_2.2.ppc64le",
"product": {
"name": "varnish-devel-0:6.6.2-3.el9_2.2.ppc64le",
"product_id": "varnish-devel-0:6.6.2-3.el9_2.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.6.2-3.el9_2.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "varnish-0:6.6.2-3.el9_2.2.ppc64le",
"product": {
"name": "varnish-0:6.6.2-3.el9_2.2.ppc64le",
"product_id": "varnish-0:6.6.2-3.el9_2.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-3.el9_2.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.6.2-3.el9_2.2.ppc64le",
"product": {
"name": "varnish-docs-0:6.6.2-3.el9_2.2.ppc64le",
"product_id": "varnish-docs-0:6.6.2-3.el9_2.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.6.2-3.el9_2.2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-devel-0:6.6.2-3.el9_2.2.i686",
"product": {
"name": "varnish-devel-0:6.6.2-3.el9_2.2.i686",
"product_id": "varnish-devel-0:6.6.2-3.el9_2.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.6.2-3.el9_2.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "varnish-0:6.6.2-3.el9_2.2.i686",
"product": {
"name": "varnish-0:6.6.2-3.el9_2.2.i686",
"product_id": "varnish-0:6.6.2-3.el9_2.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-3.el9_2.2?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-devel-0:6.6.2-3.el9_2.2.x86_64",
"product": {
"name": "varnish-devel-0:6.6.2-3.el9_2.2.x86_64",
"product_id": "varnish-devel-0:6.6.2-3.el9_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.6.2-3.el9_2.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "varnish-0:6.6.2-3.el9_2.2.x86_64",
"product": {
"name": "varnish-0:6.6.2-3.el9_2.2.x86_64",
"product_id": "varnish-0:6.6.2-3.el9_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-3.el9_2.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.6.2-3.el9_2.2.x86_64",
"product": {
"name": "varnish-docs-0:6.6.2-3.el9_2.2.x86_64",
"product_id": "varnish-docs-0:6.6.2-3.el9_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.6.2-3.el9_2.2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-devel-0:6.6.2-3.el9_2.2.s390x",
"product": {
"name": "varnish-devel-0:6.6.2-3.el9_2.2.s390x",
"product_id": "varnish-devel-0:6.6.2-3.el9_2.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.6.2-3.el9_2.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "varnish-0:6.6.2-3.el9_2.2.s390x",
"product": {
"name": "varnish-0:6.6.2-3.el9_2.2.s390x",
"product_id": "varnish-0:6.6.2-3.el9_2.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-3.el9_2.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.6.2-3.el9_2.2.s390x",
"product": {
"name": "varnish-docs-0:6.6.2-3.el9_2.2.s390x",
"product_id": "varnish-docs-0:6.6.2-3.el9_2.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.6.2-3.el9_2.2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.6.2-3.el9_2.2.src",
"product": {
"name": "varnish-0:6.6.2-3.el9_2.2.src",
"product_id": "varnish-0:6.6.2-3.el9_2.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-3.el9_2.2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-3.el9_2.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.aarch64"
},
"product_reference": "varnish-0:6.6.2-3.el9_2.2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-3.el9_2.2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.i686"
},
"product_reference": "varnish-0:6.6.2-3.el9_2.2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-3.el9_2.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.ppc64le"
},
"product_reference": "varnish-0:6.6.2-3.el9_2.2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-3.el9_2.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.s390x"
},
"product_reference": "varnish-0:6.6.2-3.el9_2.2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-3.el9_2.2.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.src"
},
"product_reference": "varnish-0:6.6.2-3.el9_2.2.src",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-3.el9_2.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.x86_64"
},
"product_reference": "varnish-0:6.6.2-3.el9_2.2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-3.el9_2.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.aarch64"
},
"product_reference": "varnish-devel-0:6.6.2-3.el9_2.2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-3.el9_2.2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.i686"
},
"product_reference": "varnish-devel-0:6.6.2-3.el9_2.2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-3.el9_2.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.ppc64le"
},
"product_reference": "varnish-devel-0:6.6.2-3.el9_2.2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-3.el9_2.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.s390x"
},
"product_reference": "varnish-devel-0:6.6.2-3.el9_2.2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-3.el9_2.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.x86_64"
},
"product_reference": "varnish-devel-0:6.6.2-3.el9_2.2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-3.el9_2.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.aarch64"
},
"product_reference": "varnish-docs-0:6.6.2-3.el9_2.2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-3.el9_2.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.ppc64le"
},
"product_reference": "varnish-docs-0:6.6.2-3.el9_2.2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-3.el9_2.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.s390x"
},
"product_reference": "varnish-docs-0:6.6.2-3.el9_2.2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-3.el9_2.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.x86_64"
},
"product_reference": "varnish-docs-0:6.6.2-3.el9_2.2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-3.el9_2.2.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.aarch64"
},
"product_reference": "varnish-0:6.6.2-3.el9_2.2.aarch64",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-3.el9_2.2.i686 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.i686"
},
"product_reference": "varnish-0:6.6.2-3.el9_2.2.i686",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-3.el9_2.2.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.ppc64le"
},
"product_reference": "varnish-0:6.6.2-3.el9_2.2.ppc64le",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-3.el9_2.2.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.s390x"
},
"product_reference": "varnish-0:6.6.2-3.el9_2.2.s390x",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-3.el9_2.2.src as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.src"
},
"product_reference": "varnish-0:6.6.2-3.el9_2.2.src",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-3.el9_2.2.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.x86_64"
},
"product_reference": "varnish-0:6.6.2-3.el9_2.2.x86_64",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-3.el9_2.2.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.aarch64"
},
"product_reference": "varnish-devel-0:6.6.2-3.el9_2.2.aarch64",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-3.el9_2.2.i686 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.i686"
},
"product_reference": "varnish-devel-0:6.6.2-3.el9_2.2.i686",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-3.el9_2.2.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.ppc64le"
},
"product_reference": "varnish-devel-0:6.6.2-3.el9_2.2.ppc64le",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-3.el9_2.2.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.s390x"
},
"product_reference": "varnish-devel-0:6.6.2-3.el9_2.2.s390x",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-3.el9_2.2.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.x86_64"
},
"product_reference": "varnish-devel-0:6.6.2-3.el9_2.2.x86_64",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-3.el9_2.2.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.aarch64"
},
"product_reference": "varnish-docs-0:6.6.2-3.el9_2.2.aarch64",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-3.el9_2.2.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.ppc64le"
},
"product_reference": "varnish-docs-0:6.6.2-3.el9_2.2.ppc64le",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-3.el9_2.2.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.s390x"
},
"product_reference": "varnish-docs-0:6.6.2-3.el9_2.2.s390x",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-3.el9_2.2.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.x86_64"
},
"product_reference": "varnish-docs-0:6.6.2-3.el9_2.2.x86_64",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-30156",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271486"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Varnish cache server, with HTTP/2 support enabled, that may allow a Denial of Service type of attack. A malicious actor can cause the server to run out of credits during the HTTP/2 connection control flow. As a consequence, the server will stop to properly process the active HTTP streams, retaining the already allocated resources, leading to resource starvation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "varnish: HTTP/2 Broken Window Attack may result in denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2024-30156 represents a important severity issue due to its potential to cause widespread denial of service (DoS) across Varnish Cacher servers with HTTP/2 protocol enabled. By exploiting this vulnerability, attackers can exhaust the server\u0027s HTTP/2 connection control flow window credits, thereby halting the processing of streams and indefinitely retaining associated resources. This can lead to a complete service outage, impacting the availability and performance of web services relying on Varnish Cache. Given the prevalence of HTTP/2 adoption for its performance benefits, the vulnerability poses a significant risk to web infrastructure, necessitating immediate mitigation measures to prevent exploitation and mitigate the impact on affected systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.src",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.src",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-30156"
},
{
"category": "external",
"summary": "RHBZ#2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-30156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156"
},
{
"category": "external",
"summary": "https://varnish-cache.org/security/VSV00014.html",
"url": "https://varnish-cache.org/security/VSV00014.html"
}
],
"release_date": "2024-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-13T01:26:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.src",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.src",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2820"
},
{
"category": "workaround",
"details": "A possible mitigation for this issue is to disable HTTP/2 support until the package can be updated.\nThis can be done by running the following command:\n\n~~~\nvarnishadm param.set feature -http2\n~~~\n\nNote: you must remove `h2` from the list of protocols if your TLS terminator is advertising it with ALPN.\n\nIt\u0027s also possible to use the `MAIN.sc_bankrupt` counter to monitor for possible ongoing attacks against the Varnish server.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.src",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.src",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.src",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.src",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "varnish: HTTP/2 Broken Window Attack may result in denial of service"
}
]
}
rhsa-2024_3426
Vulnerability from csaf_redhat
Published
2024-05-28 14:33
Modified
2024-11-15 18:36
Summary
Red Hat Security Advisory: varnish:6 security update
Notes
Topic
An update for the varnish:6 module is now available for Red Hat Enterprise
Linux 8.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
Varnish Cache is a high-performance HTTP accelerator. It stores web pages
in memory so web servers don't have to create the same web page over and over
again, giving the website a significant speed up.
Security Fix(es):
* varnish:6: HTTP/2 Broken Window Attack may result in denial of service
(CVE-2024-30156)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the varnish:6 module is now available for Red Hat Enterprise\nLinux 8.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Varnish Cache is a high-performance HTTP accelerator. It stores web pages\nin memory so web servers don\u0027t have to create the same web page over and over\nagain, giving the website a significant speed up.\n\nSecurity Fix(es):\n\n* varnish:6: HTTP/2 Broken Window Attack may result in denial of service\n(CVE-2024-30156)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:3426",
"url": "https://access.redhat.com/errata/RHSA-2024:3426"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3426.json"
}
],
"title": "Red Hat Security Advisory: varnish:6 security update",
"tracking": {
"current_release_date": "2024-11-15T18:36:35+00:00",
"generator": {
"date": "2024-11-15T18:36:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2024:3426",
"initial_release_date": "2024-05-28T14:33:18+00:00",
"revision_history": [
{
"date": "2024-05-28T14:33:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-28T14:33:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T18:36:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.6::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish:6:8060020240520091547:ad008a3a",
"product": {
"name": "varnish:6:8060020240520091547:ad008a3a",
"product_id": "varnish:6:8060020240520091547:ad008a3a",
"product_identification_helper": {
"purl": "pkg:rpmmod/redhat/varnish@6:8060020240520091547:ad008a3a"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.src",
"product": {
"name": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.src",
"product_id": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.8-2.module%2Bel8.6.0%2B21852%2B17475f6a.3?arch=src"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64",
"product": {
"name": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64",
"product_id": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.8-2.module%2Bel8.6.0%2B21852%2B17475f6a.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64",
"product": {
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64",
"product_id": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.8-2.module%2Bel8.6.0%2B21852%2B17475f6a.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64",
"product": {
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64",
"product_id": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.8-2.module%2Bel8.6.0%2B21852%2B17475f6a.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x",
"product": {
"name": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x",
"product_id": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.8-2.module%2Bel8.6.0%2B21852%2B17475f6a.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x",
"product": {
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x",
"product_id": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.8-2.module%2Bel8.6.0%2B21852%2B17475f6a.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x",
"product": {
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x",
"product_id": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.8-2.module%2Bel8.6.0%2B21852%2B17475f6a.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le",
"product": {
"name": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le",
"product_id": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.8-2.module%2Bel8.6.0%2B21852%2B17475f6a.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le",
"product": {
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le",
"product_id": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.8-2.module%2Bel8.6.0%2B21852%2B17475f6a.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le",
"product": {
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le",
"product_id": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.8-2.module%2Bel8.6.0%2B21852%2B17475f6a.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64",
"product": {
"name": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64",
"product_id": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.8-2.module%2Bel8.6.0%2B21852%2B17475f6a.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64",
"product": {
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64",
"product_id": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.8-2.module%2Bel8.6.0%2B21852%2B17475f6a.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64",
"product": {
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64",
"product_id": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.8-2.module%2Bel8.6.0%2B21852%2B17475f6a.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish:6:8060020240520091547:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a"
},
"product_reference": "varnish:6:8060020240520091547:ad008a3a",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64 as a component of varnish:6:8060020240520091547:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64"
},
"product_reference": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le as a component of varnish:6:8060020240520091547:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le"
},
"product_reference": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x as a component of varnish:6:8060020240520091547:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x"
},
"product_reference": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.src as a component of varnish:6:8060020240520091547:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.src"
},
"product_reference": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64 as a component of varnish:6:8060020240520091547:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64"
},
"product_reference": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64 as a component of varnish:6:8060020240520091547:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64"
},
"product_reference": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le as a component of varnish:6:8060020240520091547:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le"
},
"product_reference": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x as a component of varnish:6:8060020240520091547:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x"
},
"product_reference": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64 as a component of varnish:6:8060020240520091547:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64"
},
"product_reference": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64 as a component of varnish:6:8060020240520091547:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64"
},
"product_reference": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le as a component of varnish:6:8060020240520091547:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le"
},
"product_reference": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x as a component of varnish:6:8060020240520091547:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x"
},
"product_reference": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64 as a component of varnish:6:8060020240520091547:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64"
},
"product_reference": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64 as a component of varnish:6:8060020240520091547:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le as a component of varnish:6:8060020240520091547:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x as a component of varnish:6:8060020240520091547:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src as a component of varnish:6:8060020240520091547:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 as a component of varnish:6:8060020240520091547:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64 as a component of varnish:6:8060020240520091547:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le as a component of varnish:6:8060020240520091547:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x as a component of varnish:6:8060020240520091547:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 as a component of varnish:6:8060020240520091547:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64 as a component of varnish:6:8060020240520091547:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le as a component of varnish:6:8060020240520091547:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x as a component of varnish:6:8060020240520091547:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 as a component of varnish:6:8060020240520091547:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-30156",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271486"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Varnish cache server, with HTTP/2 support enabled, that may allow a Denial of Service type of attack. A malicious actor can cause the server to run out of credits during the HTTP/2 connection control flow. As a consequence, the server will stop properly processing the active HTTP streams while retaining the already allocated resources, leading to resource starvation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "varnish: HTTP/2 Broken Window Attack may result in denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2024-30156 represents an Important severity issue due to its potential to cause widespread denial of service (DoS) across Varnish Cache servers with the HTTP/2 protocol enabled. By exploiting this vulnerability, attackers can exhaust the server\u0027s HTTP/2 connection control flow window credits, thereby halting the processing of streams and indefinitely retaining associated resources. This can lead to a complete service outage, impacting the availability and performance of web services relying on Varnish Cache. Given the prevalence of HTTP/2 adoption for its performance benefits, the vulnerability poses a significant risk to web infrastructure, necessitating immediate mitigation measures to prevent exploitation and mitigate the impact on affected systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.src",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-30156"
},
{
"category": "external",
"summary": "RHBZ#2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-30156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156"
},
{
"category": "external",
"summary": "https://varnish-cache.org/security/VSV00014.html",
"url": "https://varnish-cache.org/security/VSV00014.html"
}
],
"release_date": "2024-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-28T14:33:18+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.src",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3426"
},
{
"category": "workaround",
"details": "A possible mitigation for this issue is to disable HTTP/2 support until the package can be updated.\nThis can be performed by running the following command:\n\n~~~\nvarnishadm param.set feature -http2\n~~~\n\nNote: you must remove `h2` from the list of protocols if your TLS terminator is advertising it with ALPN.\n\nIt\u0027s also possible to use the `MAIN.sc_bankrupt` counter to monitor for possible ongoing attacks against the Varnish server.",
"product_ids": [
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.src",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.src",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"AppStream-8.6.0.Z.EUS:varnish:6:8060020240520091547:ad008a3a:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "varnish: HTTP/2 Broken Window Attack may result in denial of service"
}
]
}
rhsa-2024_2700
Vulnerability from csaf_redhat
Published
2024-05-06 06:48
Modified
2024-11-15 18:36
Summary
Red Hat Security Advisory: varnish security update
Notes
Topic
An update for varnish is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.
Security Fix(es):
* varnish: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for varnish is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don\u0027t have to create the same web page over and over again, giving the website a significant speed up.\n\nSecurity Fix(es):\n\n* varnish: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:2700",
"url": "https://access.redhat.com/errata/RHSA-2024:2700"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2700.json"
}
],
"title": "Red Hat Security Advisory: varnish security update",
"tracking": {
"current_release_date": "2024-11-15T18:36:14+00:00",
"generator": {
"date": "2024-11-15T18:36:14+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2024:2700",
"initial_release_date": "2024-05-06T06:48:37+00:00",
"revision_history": [
{
"date": "2024-05-06T06:48:37+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-06T06:48:37+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T18:36:14+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.0::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product": {
"name": "Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.0::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.6.2-2.el9_0.3.src",
"product": {
"name": "varnish-0:6.6.2-2.el9_0.3.src",
"product_id": "varnish-0:6.6.2-2.el9_0.3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-2.el9_0.3?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.6.2-2.el9_0.3.aarch64",
"product": {
"name": "varnish-0:6.6.2-2.el9_0.3.aarch64",
"product_id": "varnish-0:6.6.2-2.el9_0.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-2.el9_0.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.6.2-2.el9_0.3.aarch64",
"product": {
"name": "varnish-docs-0:6.6.2-2.el9_0.3.aarch64",
"product_id": "varnish-docs-0:6.6.2-2.el9_0.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.6.2-2.el9_0.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.6.2-2.el9_0.3.aarch64",
"product": {
"name": "varnish-devel-0:6.6.2-2.el9_0.3.aarch64",
"product_id": "varnish-devel-0:6.6.2-2.el9_0.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.6.2-2.el9_0.3?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.6.2-2.el9_0.3.ppc64le",
"product": {
"name": "varnish-0:6.6.2-2.el9_0.3.ppc64le",
"product_id": "varnish-0:6.6.2-2.el9_0.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-2.el9_0.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.6.2-2.el9_0.3.ppc64le",
"product": {
"name": "varnish-docs-0:6.6.2-2.el9_0.3.ppc64le",
"product_id": "varnish-docs-0:6.6.2-2.el9_0.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.6.2-2.el9_0.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.6.2-2.el9_0.3.ppc64le",
"product": {
"name": "varnish-devel-0:6.6.2-2.el9_0.3.ppc64le",
"product_id": "varnish-devel-0:6.6.2-2.el9_0.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.6.2-2.el9_0.3?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.6.2-2.el9_0.3.i686",
"product": {
"name": "varnish-0:6.6.2-2.el9_0.3.i686",
"product_id": "varnish-0:6.6.2-2.el9_0.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-2.el9_0.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.6.2-2.el9_0.3.i686",
"product": {
"name": "varnish-devel-0:6.6.2-2.el9_0.3.i686",
"product_id": "varnish-devel-0:6.6.2-2.el9_0.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.6.2-2.el9_0.3?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.6.2-2.el9_0.3.x86_64",
"product": {
"name": "varnish-0:6.6.2-2.el9_0.3.x86_64",
"product_id": "varnish-0:6.6.2-2.el9_0.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-2.el9_0.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.6.2-2.el9_0.3.x86_64",
"product": {
"name": "varnish-docs-0:6.6.2-2.el9_0.3.x86_64",
"product_id": "varnish-docs-0:6.6.2-2.el9_0.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.6.2-2.el9_0.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.6.2-2.el9_0.3.x86_64",
"product": {
"name": "varnish-devel-0:6.6.2-2.el9_0.3.x86_64",
"product_id": "varnish-devel-0:6.6.2-2.el9_0.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.6.2-2.el9_0.3?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.6.2-2.el9_0.3.s390x",
"product": {
"name": "varnish-0:6.6.2-2.el9_0.3.s390x",
"product_id": "varnish-0:6.6.2-2.el9_0.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-2.el9_0.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.6.2-2.el9_0.3.s390x",
"product": {
"name": "varnish-docs-0:6.6.2-2.el9_0.3.s390x",
"product_id": "varnish-docs-0:6.6.2-2.el9_0.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.6.2-2.el9_0.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.6.2-2.el9_0.3.s390x",
"product": {
"name": "varnish-devel-0:6.6.2-2.el9_0.3.s390x",
"product_id": "varnish-devel-0:6.6.2-2.el9_0.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.6.2-2.el9_0.3?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-2.el9_0.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.aarch64"
},
"product_reference": "varnish-0:6.6.2-2.el9_0.3.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-2.el9_0.3.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.i686"
},
"product_reference": "varnish-0:6.6.2-2.el9_0.3.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-2.el9_0.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.ppc64le"
},
"product_reference": "varnish-0:6.6.2-2.el9_0.3.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-2.el9_0.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.s390x"
},
"product_reference": "varnish-0:6.6.2-2.el9_0.3.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-2.el9_0.3.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.src"
},
"product_reference": "varnish-0:6.6.2-2.el9_0.3.src",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-2.el9_0.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.x86_64"
},
"product_reference": "varnish-0:6.6.2-2.el9_0.3.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-2.el9_0.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.aarch64"
},
"product_reference": "varnish-devel-0:6.6.2-2.el9_0.3.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-2.el9_0.3.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.i686"
},
"product_reference": "varnish-devel-0:6.6.2-2.el9_0.3.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-2.el9_0.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.ppc64le"
},
"product_reference": "varnish-devel-0:6.6.2-2.el9_0.3.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-2.el9_0.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.s390x"
},
"product_reference": "varnish-devel-0:6.6.2-2.el9_0.3.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-2.el9_0.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.x86_64"
},
"product_reference": "varnish-devel-0:6.6.2-2.el9_0.3.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-2.el9_0.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.aarch64"
},
"product_reference": "varnish-docs-0:6.6.2-2.el9_0.3.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-2.el9_0.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.ppc64le"
},
"product_reference": "varnish-docs-0:6.6.2-2.el9_0.3.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-2.el9_0.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.s390x"
},
"product_reference": "varnish-docs-0:6.6.2-2.el9_0.3.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-2.el9_0.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.x86_64"
},
"product_reference": "varnish-docs-0:6.6.2-2.el9_0.3.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-2.el9_0.3.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.aarch64"
},
"product_reference": "varnish-0:6.6.2-2.el9_0.3.aarch64",
"relates_to_product_reference": "CRB-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-2.el9_0.3.i686 as a component of Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.i686"
},
"product_reference": "varnish-0:6.6.2-2.el9_0.3.i686",
"relates_to_product_reference": "CRB-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-2.el9_0.3.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.ppc64le"
},
"product_reference": "varnish-0:6.6.2-2.el9_0.3.ppc64le",
"relates_to_product_reference": "CRB-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-2.el9_0.3.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.s390x"
},
"product_reference": "varnish-0:6.6.2-2.el9_0.3.s390x",
"relates_to_product_reference": "CRB-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-2.el9_0.3.src as a component of Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.src"
},
"product_reference": "varnish-0:6.6.2-2.el9_0.3.src",
"relates_to_product_reference": "CRB-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-2.el9_0.3.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.x86_64"
},
"product_reference": "varnish-0:6.6.2-2.el9_0.3.x86_64",
"relates_to_product_reference": "CRB-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-2.el9_0.3.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.aarch64"
},
"product_reference": "varnish-devel-0:6.6.2-2.el9_0.3.aarch64",
"relates_to_product_reference": "CRB-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-2.el9_0.3.i686 as a component of Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.i686"
},
"product_reference": "varnish-devel-0:6.6.2-2.el9_0.3.i686",
"relates_to_product_reference": "CRB-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-2.el9_0.3.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.ppc64le"
},
"product_reference": "varnish-devel-0:6.6.2-2.el9_0.3.ppc64le",
"relates_to_product_reference": "CRB-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-2.el9_0.3.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.s390x"
},
"product_reference": "varnish-devel-0:6.6.2-2.el9_0.3.s390x",
"relates_to_product_reference": "CRB-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-2.el9_0.3.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.x86_64"
},
"product_reference": "varnish-devel-0:6.6.2-2.el9_0.3.x86_64",
"relates_to_product_reference": "CRB-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-2.el9_0.3.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.aarch64"
},
"product_reference": "varnish-docs-0:6.6.2-2.el9_0.3.aarch64",
"relates_to_product_reference": "CRB-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-2.el9_0.3.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.ppc64le"
},
"product_reference": "varnish-docs-0:6.6.2-2.el9_0.3.ppc64le",
"relates_to_product_reference": "CRB-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-2.el9_0.3.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.s390x"
},
"product_reference": "varnish-docs-0:6.6.2-2.el9_0.3.s390x",
"relates_to_product_reference": "CRB-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-2.el9_0.3.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.x86_64"
},
"product_reference": "varnish-docs-0:6.6.2-2.el9_0.3.x86_64",
"relates_to_product_reference": "CRB-9.0.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-30156",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271486"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Varnish Cache server, when HTTP/2 support is enabled, that may allow a denial-of-service (DoS) attack. A malicious actor can cause the server to run out of credits in the HTTP/2 connection control flow window. As a consequence, the server stops properly processing the active HTTP streams while retaining the already allocated resources, leading to resource starvation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "varnish: HTTP/2 Broken Window Attack may result in denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2024-30156 is an important-severity issue because of its potential to cause widespread denial of service (DoS) across Varnish Cache servers with the HTTP/2 protocol enabled. By exploiting this vulnerability, attackers can exhaust the server\u0027s HTTP/2 connection control flow window credits, thereby halting the processing of streams and indefinitely retaining associated resources. This can lead to a complete service outage, impacting the availability and performance of web services relying on Varnish Cache. Given the prevalence of HTTP/2 adoption for its performance benefits, the vulnerability poses a significant risk to web infrastructure, necessitating immediate mitigation measures to prevent exploitation and limit the impact on affected systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.aarch64",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.i686",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.s390x",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.src",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.x86_64",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.aarch64",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.i686",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.s390x",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.x86_64",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.aarch64",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.s390x",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.x86_64",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.aarch64",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.i686",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.ppc64le",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.s390x",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.src",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.x86_64",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.aarch64",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.i686",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.ppc64le",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.s390x",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.x86_64",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.aarch64",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.ppc64le",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.s390x",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-30156"
},
{
"category": "external",
"summary": "RHBZ#2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-30156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156"
},
{
"category": "external",
"summary": "https://varnish-cache.org/security/VSV00014.html",
"url": "https://varnish-cache.org/security/VSV00014.html"
}
],
"release_date": "2024-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-06T06:48:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.aarch64",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.i686",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.s390x",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.src",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.x86_64",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.aarch64",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.i686",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.s390x",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.x86_64",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.aarch64",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.s390x",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.x86_64",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.aarch64",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.i686",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.ppc64le",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.s390x",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.src",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.x86_64",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.aarch64",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.i686",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.ppc64le",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.s390x",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.x86_64",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.aarch64",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.ppc64le",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.s390x",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2700"
},
{
"category": "workaround",
"details": "A possible mitigation for this issue is to disable HTTP/2 support until the package can be updated.\nThis can be done by running the following command:\n\n~~~\nvarnishadm param.set feature -http2\n~~~\n\nNote: if your TLS terminator advertises `h2` via ALPN, you must also remove `h2` from its list of protocols.\n\nThe `MAIN.sc_bankrupt` counter can also be used to monitor for possible ongoing attacks against the Varnish server.",
"product_ids": [
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.aarch64",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.i686",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.s390x",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.src",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.x86_64",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.aarch64",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.i686",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.s390x",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.x86_64",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.aarch64",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.s390x",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.x86_64",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.aarch64",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.i686",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.ppc64le",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.s390x",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.src",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.x86_64",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.aarch64",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.i686",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.ppc64le",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.s390x",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.x86_64",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.aarch64",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.ppc64le",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.s390x",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.aarch64",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.i686",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.s390x",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.src",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.x86_64",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.aarch64",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.i686",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.s390x",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.x86_64",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.aarch64",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.s390x",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.x86_64",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.aarch64",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.i686",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.ppc64le",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.s390x",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.src",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.x86_64",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.aarch64",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.i686",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.ppc64le",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.s390x",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.x86_64",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.aarch64",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.ppc64le",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.s390x",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "varnish: HTTP/2 Broken Window Attack may result in denial of service"
}
]
}
rhsa-2024:1690
Vulnerability from csaf_redhat
Published
2024-04-08 09:21
Modified
2025-11-21 18:58
Summary
Red Hat Security Advisory: varnish security update
Notes
Topic
An update for varnish is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.
Security Fix(es):
* varnish: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for varnish is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don\u0027t have to create the same web page over and over again, giving the website a significant speed up.\n\nSecurity Fix(es):\n\n* varnish: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:1690",
"url": "https://access.redhat.com/errata/RHSA-2024:1690"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1690.json"
}
],
"title": "Red Hat Security Advisory: varnish security update",
"tracking": {
"current_release_date": "2025-11-21T18:58:30+00:00",
"generator": {
"date": "2025-11-21T18:58:30+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2024:1690",
"initial_release_date": "2024-04-08T09:21:57+00:00",
"revision_history": [
{
"date": "2024-04-08T09:21:57+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-04-08T09:21:57+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:58:30+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.src::varnish:6",
"product": {
"name": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.src (varnish:6)",
"product_id": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.src::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.13-1.module%2Bel8.9.0%2B21617%2B7578fa11?arch=src\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.src::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.src (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.src::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.9.0%2B21617%2B7578fa11?arch=src\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"product": {
"name": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64 (varnish:6)",
"product_id": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.13-1.module%2Bel8.9.0%2B21617%2B7578fa11?arch=x86_64\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"product": {
"name": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64 (varnish:6)",
"product_id": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.13-1.module%2Bel8.9.0%2B21617%2B7578fa11?arch=x86_64\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"product": {
"name": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64 (varnish:6)",
"product_id": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.13-1.module%2Bel8.9.0%2B21617%2B7578fa11?arch=x86_64\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64 (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.9.0%2B21617%2B7578fa11?arch=x86_64\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64 (varnish:6)",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.9.0%2B21617%2B7578fa11?arch=x86_64\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64 (varnish:6)",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.9.0%2B21617%2B7578fa11?arch=x86_64\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"product": {
"name": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x (varnish:6)",
"product_id": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.13-1.module%2Bel8.9.0%2B21617%2B7578fa11?arch=s390x\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"product": {
"name": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x (varnish:6)",
"product_id": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.13-1.module%2Bel8.9.0%2B21617%2B7578fa11?arch=s390x\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"product": {
"name": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x (varnish:6)",
"product_id": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.13-1.module%2Bel8.9.0%2B21617%2B7578fa11?arch=s390x\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.9.0%2B21617%2B7578fa11?arch=s390x\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x (varnish:6)",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.9.0%2B21617%2B7578fa11?arch=s390x\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x (varnish:6)",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.9.0%2B21617%2B7578fa11?arch=s390x\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"product": {
"name": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le (varnish:6)",
"product_id": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.13-1.module%2Bel8.9.0%2B21617%2B7578fa11?arch=ppc64le\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"product": {
"name": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le (varnish:6)",
"product_id": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.13-1.module%2Bel8.9.0%2B21617%2B7578fa11?arch=ppc64le\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"product": {
"name": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le (varnish:6)",
"product_id": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.13-1.module%2Bel8.9.0%2B21617%2B7578fa11?arch=ppc64le\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.9.0%2B21617%2B7578fa11?arch=ppc64le\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le (varnish:6)",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.9.0%2B21617%2B7578fa11?arch=ppc64le\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le (varnish:6)",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.9.0%2B21617%2B7578fa11?arch=ppc64le\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"product": {
"name": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64 (varnish:6)",
"product_id": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.13-1.module%2Bel8.9.0%2B21617%2B7578fa11?arch=aarch64\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"product": {
"name": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64 (varnish:6)",
"product_id": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.13-1.module%2Bel8.9.0%2B21617%2B7578fa11?arch=aarch64\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"product": {
"name": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64 (varnish:6)",
"product_id": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.13-1.module%2Bel8.9.0%2B21617%2B7578fa11?arch=aarch64\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64 (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.9.0%2B21617%2B7578fa11?arch=aarch64\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64 (varnish:6)",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.9.0%2B21617%2B7578fa11?arch=aarch64\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64 (varnish:6)",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.9.0%2B21617%2B7578fa11?arch=aarch64\u0026rpmmod=varnish:6:8090020240328195416:a75119d5"
}
}
}
],
"category": "architecture",
"name": "aarch64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6"
},
"product_reference": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6"
},
"product_reference": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6"
},
"product_reference": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.src (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.src::varnish:6"
},
"product_reference": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.src::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6"
},
"product_reference": "varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.src (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.src::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.src::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-30156",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271486"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Varnish cache server, with HTTP/2 support enabled, that may allow a Denial of Service type of attack. A malicious actor can cause the server to run out of credits during the HTTP/2 connection control flow. As a consequence, the server will stop properly processing the active HTTP streams while retaining the already allocated resources, leading to resource starvation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "varnish: HTTP/2 Broken Window Attack may result in denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2024-30156 represents an important severity issue due to its potential to cause widespread denial of service (DoS) across Varnish Cache servers with the HTTP/2 protocol enabled. By exploiting this vulnerability, attackers can exhaust the server\u0027s HTTP/2 connection control flow window credits, thereby halting the processing of streams and indefinitely retaining associated resources. This can lead to a complete service outage, impacting the availability and performance of web services relying on Varnish Cache. Given the prevalence of HTTP/2 adoption for its performance benefits, the vulnerability poses a significant risk to web infrastructure, necessitating immediate mitigation measures to prevent exploitation and mitigate the impact on affected systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.src::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.src::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-30156"
},
{
"category": "external",
"summary": "RHBZ#2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-30156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156"
},
{
"category": "external",
"summary": "https://varnish-cache.org/security/VSV00014.html",
"url": "https://varnish-cache.org/security/VSV00014.html"
}
],
"release_date": "2024-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-08T09:21:57+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.src::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.src::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1690"
},
{
"category": "workaround",
"details": "A possible mitigation for this issue is to disable HTTP/2 support until the package can be updated.\nThis can be done by running the following command:\n\n~~~\nvarnishadm param.set feature -http2\n~~~\n\nNote: if your TLS terminator advertises `h2` via ALPN, you must also remove `h2` from its list of protocols.\n\nThe `MAIN.sc_bankrupt` counter can also be used to monitor for possible ongoing attacks against the Varnish server.",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.src::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.src::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.src::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-devel-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-docs-0:6.0.13-1.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.src::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debuginfo-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.aarch64::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.ppc64le::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.s390x::varnish:6",
"AppStream-8.9.0.Z.MAIN:varnish-modules-debugsource-0:0.15.0-6.module+el8.9.0+21617+7578fa11.x86_64::varnish:6"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "varnish: HTTP/2 Broken Window Attack may result in denial of service"
}
]
}
RHSA-2024:3305
Vulnerability from csaf_redhat
Published
2024-05-23 07:06
Modified
2025-11-21 19:02
Summary
Red Hat Security Advisory: varnish:6 security update
Notes
Topic
An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.
Security Fix(es):
* varnish:6: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don\u0027t have to create the same web page over and over again, giving the website a significant speed up.\n\nSecurity Fix(es):\n\n* varnish:6: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:3305",
"url": "https://access.redhat.com/errata/RHSA-2024:3305"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3305.json"
}
],
"title": "Red Hat Security Advisory: varnish:6 security update",
"tracking": {
"current_release_date": "2025-11-21T19:02:41+00:00",
"generator": {
"date": "2025-11-21T19:02:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2024:3305",
"initial_release_date": "2024-05-23T07:06:03+00:00",
"revision_history": [
{
"date": "2024-05-23T07:06:03+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-23T07:06:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T19:02:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.src::varnish:6",
"product": {
"name": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.src (varnish:6)",
"product_id": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.src::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.8-3.module%2Bel8.8.0%2B21796%2B79393093.2?arch=src\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=src\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6",
"product": {
"name": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64 (varnish:6)",
"product_id": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.8-3.module%2Bel8.8.0%2B21796%2B79393093.2?arch=x86_64\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6",
"product": {
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64 (varnish:6)",
"product_id": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.8-3.module%2Bel8.8.0%2B21796%2B79393093.2?arch=x86_64\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6",
"product": {
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64 (varnish:6)",
"product_id": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.8-3.module%2Bel8.8.0%2B21796%2B79393093.2?arch=x86_64\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=x86_64\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 (varnish:6)",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=x86_64\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 (varnish:6)",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=x86_64\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6",
"product": {
"name": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x (varnish:6)",
"product_id": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.8-3.module%2Bel8.8.0%2B21796%2B79393093.2?arch=s390x\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6",
"product": {
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x (varnish:6)",
"product_id": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.8-3.module%2Bel8.8.0%2B21796%2B79393093.2?arch=s390x\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6",
"product": {
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x (varnish:6)",
"product_id": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.8-3.module%2Bel8.8.0%2B21796%2B79393093.2?arch=s390x\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=s390x\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x (varnish:6)",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=s390x\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x (varnish:6)",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=s390x\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6",
"product": {
"name": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le (varnish:6)",
"product_id": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.8-3.module%2Bel8.8.0%2B21796%2B79393093.2?arch=ppc64le\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6",
"product": {
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le (varnish:6)",
"product_id": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.8-3.module%2Bel8.8.0%2B21796%2B79393093.2?arch=ppc64le\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6",
"product": {
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le (varnish:6)",
"product_id": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.8-3.module%2Bel8.8.0%2B21796%2B79393093.2?arch=ppc64le\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=ppc64le\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le (varnish:6)",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=ppc64le\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le (varnish:6)",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=ppc64le\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6",
"product": {
"name": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64 (varnish:6)",
"product_id": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.8-3.module%2Bel8.8.0%2B21796%2B79393093.2?arch=aarch64\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6",
"product": {
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64 (varnish:6)",
"product_id": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.8-3.module%2Bel8.8.0%2B21796%2B79393093.2?arch=aarch64\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6",
"product": {
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64 (varnish:6)",
"product_id": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.8-3.module%2Bel8.8.0%2B21796%2B79393093.2?arch=aarch64\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64 (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=aarch64\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64 (varnish:6)",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=aarch64\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64 (varnish:6)",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=aarch64\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
}
],
"category": "architecture",
"name": "aarch64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6"
},
"product_reference": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6"
},
"product_reference": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6"
},
"product_reference": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.src (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.src::varnish:6"
},
"product_reference": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.src::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6"
},
"product_reference": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-30156",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271486"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Varnish cache server, with HTTP/2 support enabled, that may allow a Denial of Service type of attack. A malicious actor can cause the server to run out of credits during the HTTP/2 connection control flow. As a consequence, the server will stop properly processing the active HTTP streams while retaining the resources already allocated to them, leading to resource starvation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "varnish: HTTP/2 Broken Window Attack may result in denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2024-30156 represents an Important severity issue due to its potential to cause widespread denial of service (DoS) across Varnish Cache servers with the HTTP/2 protocol enabled. By exploiting this vulnerability, attackers can exhaust the server\u0027s HTTP/2 connection control flow window credits, thereby halting the processing of streams and indefinitely retaining associated resources. This can lead to a complete service outage, impacting the availability and performance of web services relying on Varnish Cache. Given the prevalence of HTTP/2 adoption for its performance benefits, the vulnerability poses a significant risk to web infrastructure, necessitating immediate mitigation measures to prevent exploitation and limit the impact on affected systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.src::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-30156"
},
{
"category": "external",
"summary": "RHBZ#2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-30156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156"
},
{
"category": "external",
"summary": "https://varnish-cache.org/security/VSV00014.html",
"url": "https://varnish-cache.org/security/VSV00014.html"
}
],
"release_date": "2024-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T07:06:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.src::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3305"
},
{
"category": "workaround",
"details": "A possible mitigation for this issue is to disable http2 support until the package can be updated.\nThis can be performed by running the following command:\n\n~~~\nvarnishadm param.set feature -http2\n~~~\n\nThis changes the running varnishd only; if HTTP/2 is enabled in the varnishd startup options (`-p feature=+http2`), remove it there as well so the setting does not return on restart.\n\nNote: you must remove `h2` from the list of protocols if your TLS terminator is advertising it with ALPN.\n\nIt\u0027s also possible to use the `MAIN.sc_bankrupt` counter to monitor for possible ongoing attacks against the Varnish server.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.src::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.src::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "varnish: HTTP/2 Broken Window Attack may result in denial of service"
}
]
}
RHSA-2024:2938
Vulnerability from csaf_redhat
Published
2024-05-21 10:05
Modified
2025-11-21 19:01
Summary
Red Hat Security Advisory: varnish:6 security update
Notes
Topic
An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in
memory so web servers don't have to create the same web page over and over
again, giving the website a significant speed up.
Security Fix(es):
* varnish:6: HTTP/2 Broken Window Attack may result in denial of service
(CVE-2024-30156)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Varnish Cache is a high-performance HTTP accelerator. It stores web pages in\nmemory so web servers don\u0027t have to create the same web page over and over\nagain, giving the website a significant speed up.\n\nSecurity Fix(es):\n\n* varnish:6: HTTP/2 Broken Window Attack may result in denial of service\n(CVE-2024-30156)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:2938",
"url": "https://access.redhat.com/errata/RHSA-2024:2938"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2938.json"
}
],
"title": "Red Hat Security Advisory: varnish:6 security update",
"tracking": {
"current_release_date": "2025-11-21T19:01:22+00:00",
"generator": {
"date": "2025-11-21T19:01:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2024:2938",
"initial_release_date": "2024-05-21T10:05:18+00:00",
"revision_history": [
{
"date": "2024-05-21T10:05:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-21T10:05:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T19:01:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_tus:8.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src::varnish:6",
"product": {
"name": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src (varnish:6)",
"product_id": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.6-2.module%2Bel8.4.0%2B21799%2B2c737c67.5?arch=src\u0026rpmmod=varnish:6:8040020240513125037:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-5.module%2Bel8.3.0%2B6843%2Bb3b42fcc?arch=src\u0026rpmmod=varnish:6:8040020240513125037:522a0ee4"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"product": {
"name": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64 (varnish:6)",
"product_id": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.6-2.module%2Bel8.4.0%2B21799%2B2c737c67.5?arch=x86_64\u0026rpmmod=varnish:6:8040020240513125037:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"product": {
"name": "varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64 (varnish:6)",
"product_id": "varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.6-2.module%2Bel8.4.0%2B21799%2B2c737c67.5?arch=x86_64\u0026rpmmod=varnish:6:8040020240513125037:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"product": {
"name": "varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64 (varnish:6)",
"product_id": "varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.6-2.module%2Bel8.4.0%2B21799%2B2c737c67.5?arch=x86_64\u0026rpmmod=varnish:6:8040020240513125037:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64 (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-5.module%2Bel8.3.0%2B6843%2Bb3b42fcc?arch=x86_64\u0026rpmmod=varnish:6:8040020240513125037:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64 (varnish:6)",
"product_id": "varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-5.module%2Bel8.3.0%2B6843%2Bb3b42fcc?arch=x86_64\u0026rpmmod=varnish:6:8040020240513125037:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64 (varnish:6)",
"product_id": "varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-5.module%2Bel8.3.0%2B6843%2Bb3b42fcc?arch=x86_64\u0026rpmmod=varnish:6:8040020240513125037:522a0ee4"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6",
"product": {
"name": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le (varnish:6)",
"product_id": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.6-2.module%2Bel8.4.0%2B21799%2B2c737c67.5?arch=ppc64le\u0026rpmmod=varnish:6:8040020240513125037:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6",
"product": {
"name": "varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le (varnish:6)",
"product_id": "varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.6-2.module%2Bel8.4.0%2B21799%2B2c737c67.5?arch=ppc64le\u0026rpmmod=varnish:6:8040020240513125037:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6",
"product": {
"name": "varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le (varnish:6)",
"product_id": "varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.6-2.module%2Bel8.4.0%2B21799%2B2c737c67.5?arch=ppc64le\u0026rpmmod=varnish:6:8040020240513125037:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-5.module%2Bel8.3.0%2B6843%2Bb3b42fcc?arch=ppc64le\u0026rpmmod=varnish:6:8040020240513125037:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le (varnish:6)",
"product_id": "varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-5.module%2Bel8.3.0%2B6843%2Bb3b42fcc?arch=ppc64le\u0026rpmmod=varnish:6:8040020240513125037:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le (varnish:6)",
"product_id": "varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-5.module%2Bel8.3.0%2B6843%2Bb3b42fcc?arch=ppc64le\u0026rpmmod=varnish:6:8040020240513125037:522a0ee4"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src (varnish:6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src::varnish:6"
},
"product_reference": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6"
},
"product_reference": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src (varnish:6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6"
},
"product_reference": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src::varnish:6"
},
"product_reference": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6"
},
"product_reference": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src (varnish:6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src::varnish:6"
},
"product_reference": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6"
},
"product_reference": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src (varnish:6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-30156",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271486"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Varnish cache server, with HTTP/2 support enabled, that may allow a Denial of Service type of attack. A malicious actor can cause the server to run out of credits during the HTTP/2 connection control flow. As a consequence, the server will stop to properly process the active HTTP streams, retaining the already allocated resources, leading to resource starvation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "varnish: HTTP/2 Broken Window Attack may result in denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2024-30156 represents a important severity issue due to its potential to cause widespread denial of service (DoS) across Varnish Cacher servers with HTTP/2 protocol enabled. By exploiting this vulnerability, attackers can exhaust the server\u0027s HTTP/2 connection control flow window credits, thereby halting the processing of streams and indefinitely retaining associated resources. This can lead to a complete service outage, impacting the availability and performance of web services relying on Varnish Cache. Given the prevalence of HTTP/2 adoption for its performance benefits, the vulnerability poses a significant risk to web infrastructure, necessitating immediate mitigation measures to prevent exploitation and mitigate the impact on affected systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-30156"
},
{
"category": "external",
"summary": "RHBZ#2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-30156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156"
},
{
"category": "external",
"summary": "https://varnish-cache.org/security/VSV00014.html",
"url": "https://varnish-cache.org/security/VSV00014.html"
}
],
"release_date": "2024-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-21T10:05:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2938"
},
{
"category": "workaround",
"details": "A possible mitigation for this issue is to disable http2 support until the package can be updated.\nThis can be performed by running the following command:\n\n~~~\nvarnishadm param.set feature -http2\n~~~\n\nNote: you must remove `h2` from the list of protocols if your TLS terminator is advertising it with ALPN.\n\nIt\u0027s also possible to use the `MAIN.sc_bankrupt` counter to monitor possible on-going attacks to the varnish server.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "varnish: HTTP/2 Broken Window Attack may result in denial of service"
}
]
}
RHSA-2024:2820
Vulnerability from csaf_redhat
Published
2024-05-13 01:26
Modified
2025-11-21 19:00
Summary
Red Hat Security Advisory: varnish security update
Notes
Topic
An update for varnish is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.
Security Fix(es):
* varnish: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for varnish is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don\u0027t have to create the same web page over and over again, giving the website a significant speed up.\n\nSecurity Fix(es):\n\n* varnish: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:2820",
"url": "https://access.redhat.com/errata/RHSA-2024:2820"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2820.json"
}
],
"title": "Red Hat Security Advisory: varnish security update",
"tracking": {
"current_release_date": "2025-11-21T19:00:58+00:00",
"generator": {
"date": "2025-11-21T19:00:58+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2024:2820",
"initial_release_date": "2024-05-13T01:26:24+00:00",
"revision_history": [
{
"date": "2024-05-13T01:26:24+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-13T01:26:24+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T19:00:58+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.2::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product": {
"name": "Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.2::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-devel-0:6.6.2-3.el9_2.2.aarch64",
"product": {
"name": "varnish-devel-0:6.6.2-3.el9_2.2.aarch64",
"product_id": "varnish-devel-0:6.6.2-3.el9_2.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.6.2-3.el9_2.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "varnish-0:6.6.2-3.el9_2.2.aarch64",
"product": {
"name": "varnish-0:6.6.2-3.el9_2.2.aarch64",
"product_id": "varnish-0:6.6.2-3.el9_2.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-3.el9_2.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.6.2-3.el9_2.2.aarch64",
"product": {
"name": "varnish-docs-0:6.6.2-3.el9_2.2.aarch64",
"product_id": "varnish-docs-0:6.6.2-3.el9_2.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.6.2-3.el9_2.2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-devel-0:6.6.2-3.el9_2.2.ppc64le",
"product": {
"name": "varnish-devel-0:6.6.2-3.el9_2.2.ppc64le",
"product_id": "varnish-devel-0:6.6.2-3.el9_2.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.6.2-3.el9_2.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "varnish-0:6.6.2-3.el9_2.2.ppc64le",
"product": {
"name": "varnish-0:6.6.2-3.el9_2.2.ppc64le",
"product_id": "varnish-0:6.6.2-3.el9_2.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-3.el9_2.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.6.2-3.el9_2.2.ppc64le",
"product": {
"name": "varnish-docs-0:6.6.2-3.el9_2.2.ppc64le",
"product_id": "varnish-docs-0:6.6.2-3.el9_2.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.6.2-3.el9_2.2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-devel-0:6.6.2-3.el9_2.2.i686",
"product": {
"name": "varnish-devel-0:6.6.2-3.el9_2.2.i686",
"product_id": "varnish-devel-0:6.6.2-3.el9_2.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.6.2-3.el9_2.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "varnish-0:6.6.2-3.el9_2.2.i686",
"product": {
"name": "varnish-0:6.6.2-3.el9_2.2.i686",
"product_id": "varnish-0:6.6.2-3.el9_2.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-3.el9_2.2?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-devel-0:6.6.2-3.el9_2.2.x86_64",
"product": {
"name": "varnish-devel-0:6.6.2-3.el9_2.2.x86_64",
"product_id": "varnish-devel-0:6.6.2-3.el9_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.6.2-3.el9_2.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "varnish-0:6.6.2-3.el9_2.2.x86_64",
"product": {
"name": "varnish-0:6.6.2-3.el9_2.2.x86_64",
"product_id": "varnish-0:6.6.2-3.el9_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-3.el9_2.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.6.2-3.el9_2.2.x86_64",
"product": {
"name": "varnish-docs-0:6.6.2-3.el9_2.2.x86_64",
"product_id": "varnish-docs-0:6.6.2-3.el9_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.6.2-3.el9_2.2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-devel-0:6.6.2-3.el9_2.2.s390x",
"product": {
"name": "varnish-devel-0:6.6.2-3.el9_2.2.s390x",
"product_id": "varnish-devel-0:6.6.2-3.el9_2.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.6.2-3.el9_2.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "varnish-0:6.6.2-3.el9_2.2.s390x",
"product": {
"name": "varnish-0:6.6.2-3.el9_2.2.s390x",
"product_id": "varnish-0:6.6.2-3.el9_2.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-3.el9_2.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.6.2-3.el9_2.2.s390x",
"product": {
"name": "varnish-docs-0:6.6.2-3.el9_2.2.s390x",
"product_id": "varnish-docs-0:6.6.2-3.el9_2.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.6.2-3.el9_2.2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.6.2-3.el9_2.2.src",
"product": {
"name": "varnish-0:6.6.2-3.el9_2.2.src",
"product_id": "varnish-0:6.6.2-3.el9_2.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-3.el9_2.2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-3.el9_2.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.aarch64"
},
"product_reference": "varnish-0:6.6.2-3.el9_2.2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-3.el9_2.2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.i686"
},
"product_reference": "varnish-0:6.6.2-3.el9_2.2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-3.el9_2.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.ppc64le"
},
"product_reference": "varnish-0:6.6.2-3.el9_2.2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-3.el9_2.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.s390x"
},
"product_reference": "varnish-0:6.6.2-3.el9_2.2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-3.el9_2.2.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.src"
},
"product_reference": "varnish-0:6.6.2-3.el9_2.2.src",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-3.el9_2.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.x86_64"
},
"product_reference": "varnish-0:6.6.2-3.el9_2.2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-3.el9_2.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.aarch64"
},
"product_reference": "varnish-devel-0:6.6.2-3.el9_2.2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-3.el9_2.2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.i686"
},
"product_reference": "varnish-devel-0:6.6.2-3.el9_2.2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-3.el9_2.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.ppc64le"
},
"product_reference": "varnish-devel-0:6.6.2-3.el9_2.2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-3.el9_2.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.s390x"
},
"product_reference": "varnish-devel-0:6.6.2-3.el9_2.2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-3.el9_2.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.x86_64"
},
"product_reference": "varnish-devel-0:6.6.2-3.el9_2.2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-3.el9_2.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.aarch64"
},
"product_reference": "varnish-docs-0:6.6.2-3.el9_2.2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-3.el9_2.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.ppc64le"
},
"product_reference": "varnish-docs-0:6.6.2-3.el9_2.2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-3.el9_2.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.s390x"
},
"product_reference": "varnish-docs-0:6.6.2-3.el9_2.2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-3.el9_2.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.x86_64"
},
"product_reference": "varnish-docs-0:6.6.2-3.el9_2.2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-3.el9_2.2.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.aarch64"
},
"product_reference": "varnish-0:6.6.2-3.el9_2.2.aarch64",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-3.el9_2.2.i686 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.i686"
},
"product_reference": "varnish-0:6.6.2-3.el9_2.2.i686",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-3.el9_2.2.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.ppc64le"
},
"product_reference": "varnish-0:6.6.2-3.el9_2.2.ppc64le",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-3.el9_2.2.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.s390x"
},
"product_reference": "varnish-0:6.6.2-3.el9_2.2.s390x",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-3.el9_2.2.src as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.src"
},
"product_reference": "varnish-0:6.6.2-3.el9_2.2.src",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-3.el9_2.2.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.x86_64"
},
"product_reference": "varnish-0:6.6.2-3.el9_2.2.x86_64",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-3.el9_2.2.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.aarch64"
},
"product_reference": "varnish-devel-0:6.6.2-3.el9_2.2.aarch64",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-3.el9_2.2.i686 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.i686"
},
"product_reference": "varnish-devel-0:6.6.2-3.el9_2.2.i686",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-3.el9_2.2.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.ppc64le"
},
"product_reference": "varnish-devel-0:6.6.2-3.el9_2.2.ppc64le",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-3.el9_2.2.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.s390x"
},
"product_reference": "varnish-devel-0:6.6.2-3.el9_2.2.s390x",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-3.el9_2.2.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.x86_64"
},
"product_reference": "varnish-devel-0:6.6.2-3.el9_2.2.x86_64",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-3.el9_2.2.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.aarch64"
},
"product_reference": "varnish-docs-0:6.6.2-3.el9_2.2.aarch64",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-3.el9_2.2.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.ppc64le"
},
"product_reference": "varnish-docs-0:6.6.2-3.el9_2.2.ppc64le",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-3.el9_2.2.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.s390x"
},
"product_reference": "varnish-docs-0:6.6.2-3.el9_2.2.s390x",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-3.el9_2.2.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.x86_64"
},
"product_reference": "varnish-docs-0:6.6.2-3.el9_2.2.x86_64",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-30156",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271486"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Varnish cache server, with HTTP/2 support enabled, that may allow a Denial of Service type of attack. A malicious actor can cause the server to run out of credits during the HTTP/2 connection control flow. As a consequence, the server will stop properly processing the active HTTP streams while retaining the already allocated resources, leading to resource starvation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "varnish: HTTP/2 Broken Window Attack may result in denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2024-30156 represents an important severity issue due to its potential to cause widespread denial of service (DoS) across Varnish Cache servers with HTTP/2 protocol enabled. By exploiting this vulnerability, attackers can exhaust the server\u0027s HTTP/2 connection control flow window credits, thereby halting the processing of streams and indefinitely retaining associated resources. This can lead to a complete service outage, impacting the availability and performance of web services relying on Varnish Cache. Given the prevalence of HTTP/2 adoption for its performance benefits, the vulnerability poses a significant risk to web infrastructure, necessitating immediate mitigation measures to prevent exploitation and mitigate the impact on affected systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.src",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.src",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-30156"
},
{
"category": "external",
"summary": "RHBZ#2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-30156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156"
},
{
"category": "external",
"summary": "https://varnish-cache.org/security/VSV00014.html",
"url": "https://varnish-cache.org/security/VSV00014.html"
}
],
"release_date": "2024-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-13T01:26:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.src",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.src",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2820"
},
{
"category": "workaround",
"details": "A possible mitigation for this issue is to disable http2 support until the package can be updated.\nThis can be performed by running the following command:\n\n~~~\nvarnishadm param.set feature -http2\n~~~\n\nNote: you must remove `h2` from the list of protocols if your TLS terminator is advertising it with ALPN.\n\nIt\u0027s also possible to use the `MAIN.sc_bankrupt` counter to monitor for possible ongoing attacks against the Varnish server.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.src",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.src",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.src",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.src",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "varnish: HTTP/2 Broken Window Attack may result in denial of service"
}
]
}
RHSA-2024:1689
Vulnerability from csaf_redhat
Published
2024-04-08 08:47
Modified
2025-11-21 18:58
Summary
Red Hat Security Advisory: rh-varnish6-varnish security update
Notes
Topic
An update for rh-varnish6-varnish is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.
Security Fix(es):
* HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for rh-varnish6-varnish is now available for Red Hat Software Collections.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don\u0027t have to create the same web page over and over again, giving the website a significant speed up.\n\nSecurity Fix(es):\n\n* HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:1689",
"url": "https://access.redhat.com/errata/RHSA-2024:1689"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1689.json"
}
],
"title": "Red Hat Security Advisory: rh-varnish6-varnish security update",
"tracking": {
"current_release_date": "2025-11-21T18:58:26+00:00",
"generator": {
"date": "2025-11-21T18:58:26+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2024:1689",
"initial_release_date": "2024-04-08T08:47:32+00:00",
"revision_history": [
{
"date": "2024-04-08T08:47:32+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-04-08T08:47:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:58:26+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Software Collections for RHEL Workstation(v. 7)",
"product": {
"name": "Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for RHEL(v. 7)",
"product": {
"name": "Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Software Collections"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.src",
"product": {
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.src",
"product_id": "rh-varnish6-varnish-0:6.0.13-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish@6.0.13-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.src",
"product": {
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.src",
"product_id": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-modules@0.15.0-8.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.x86_64",
"product": {
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.x86_64",
"product_id": "rh-varnish6-varnish-0:6.0.13-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish@6.0.13-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64",
"product": {
"name": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64",
"product_id": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-devel@6.0.13-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64",
"product": {
"name": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64",
"product_id": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-docs@6.0.13-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64",
"product": {
"name": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64",
"product_id": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-libs@6.0.13-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64",
"product": {
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64",
"product_id": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-modules@0.15.0-8.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64",
"product": {
"name": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64",
"product_id": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-modules-debuginfo@0.15.0-8.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le",
"product": {
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le",
"product_id": "rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish@6.0.13-1.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le",
"product": {
"name": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le",
"product_id": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-devel@6.0.13-1.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le",
"product": {
"name": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le",
"product_id": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-docs@6.0.13-1.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le",
"product": {
"name": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le",
"product_id": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-libs@6.0.13-1.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le",
"product": {
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le",
"product_id": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-modules@0.15.0-8.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le",
"product": {
"name": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le",
"product_id": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-modules-debuginfo@0.15.0-8.el7?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.s390x",
"product": {
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.s390x",
"product_id": "rh-varnish6-varnish-0:6.0.13-1.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish@6.0.13-1.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x",
"product": {
"name": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x",
"product_id": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-devel@6.0.13-1.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x",
"product": {
"name": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x",
"product_id": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-docs@6.0.13-1.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x",
"product": {
"name": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x",
"product_id": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-libs@6.0.13-1.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x",
"product": {
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x",
"product_id": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-modules@0.15.0-8.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x",
"product": {
"name": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x",
"product_id": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-modules-debuginfo@0.15.0-8.el7?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le"
},
"product_reference": "rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.s390x"
},
"product_reference": "rh-varnish6-varnish-0:6.0.13-1.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.src as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.src"
},
"product_reference": "rh-varnish6-varnish-0:6.0.13-1.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.x86_64"
},
"product_reference": "rh-varnish6-varnish-0:6.0.13-1.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le"
},
"product_reference": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x"
},
"product_reference": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64"
},
"product_reference": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le"
},
"product_reference": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x"
},
"product_reference": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64"
},
"product_reference": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le"
},
"product_reference": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x"
},
"product_reference": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64"
},
"product_reference": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le"
},
"product_reference": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x"
},
"product_reference": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.src as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.src"
},
"product_reference": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64"
},
"product_reference": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le"
},
"product_reference": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x"
},
"product_reference": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64"
},
"product_reference": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le"
},
"product_reference": "rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.s390x"
},
"product_reference": "rh-varnish6-varnish-0:6.0.13-1.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.src as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.src"
},
"product_reference": "rh-varnish6-varnish-0:6.0.13-1.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.x86_64"
},
"product_reference": "rh-varnish6-varnish-0:6.0.13-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le"
},
"product_reference": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x"
},
"product_reference": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64"
},
"product_reference": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le"
},
"product_reference": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x"
},
"product_reference": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64"
},
"product_reference": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le"
},
"product_reference": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x"
},
"product_reference": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64"
},
"product_reference": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le"
},
"product_reference": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x"
},
"product_reference": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.src as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.src"
},
"product_reference": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64"
},
"product_reference": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le"
},
"product_reference": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x"
},
"product_reference": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64"
},
"product_reference": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-30156",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271486"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Varnish cache server, with HTTP/2 support enabled, that may allow a Denial of Service type of attack. A malicious actor can cause the server to run out of credits during the HTTP/2 connection control flow. As a consequence, the server stops processing the active HTTP streams properly while retaining the resources already allocated, leading to resource starvation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "varnish: HTTP/2 Broken Window Attack may result in denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2024-30156 is an Important-severity issue because it can cause widespread denial of service (DoS) across Varnish Cache servers with the HTTP/2 protocol enabled. By exploiting this vulnerability, attackers can exhaust the server\u0027s HTTP/2 connection control flow window credits, thereby halting the processing of streams and indefinitely retaining associated resources. This can lead to a complete service outage, impacting the availability and performance of web services relying on Varnish Cache. Given the prevalence of HTTP/2 adoption for its performance benefits, the vulnerability poses a significant risk to web infrastructure, necessitating immediate mitigation measures to prevent exploitation and limit the impact on affected systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.src",
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.src",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.src",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.src",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-30156"
},
{
"category": "external",
"summary": "RHBZ#2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-30156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156"
},
{
"category": "external",
"summary": "https://varnish-cache.org/security/VSV00014.html",
"url": "https://varnish-cache.org/security/VSV00014.html"
}
],
"release_date": "2024-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-08T08:47:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.src",
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.src",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.src",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.src",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1689"
},
{
"category": "workaround",
"details": "A possible mitigation for this issue is to disable HTTP/2 support until the package can be updated.\nThis can be performed by running the following command:\n\n~~~\nvarnishadm param.set feature -http2\n~~~\n\nNote: you must remove `h2` from the list of protocols if your TLS terminator is advertising it with ALPN.\n\nNote: a value set with `varnishadm param.set` applies to the running varnishd instance; make the same change in the varnishd startup parameters if the mitigation must survive a restart.\n\nIt\u0027s also possible to use the `MAIN.sc_bankrupt` counter to monitor for possible ongoing attacks against the Varnish server.",
"product_ids": [
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.src",
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.src",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.src",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.src",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.src",
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.src",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.src",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.src",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "varnish: HTTP/2 Broken Window Attack may result in denial of service"
}
]
}
rhsa-2024:1689
Vulnerability from csaf_redhat
Published
2024-04-08 08:47
Modified
2025-11-21 18:58
Summary
Red Hat Security Advisory: rh-varnish6-varnish security update
Notes
Topic
An update for rh-varnish6-varnish is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.
Security Fix(es):
* HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for rh-varnish6-varnish is now available for Red Hat Software Collections.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don\u0027t have to create the same web page over and over again, giving the website a significant speed up.\n\nSecurity Fix(es):\n\n* HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:1689",
"url": "https://access.redhat.com/errata/RHSA-2024:1689"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1689.json"
}
],
"title": "Red Hat Security Advisory: rh-varnish6-varnish security update",
"tracking": {
"current_release_date": "2025-11-21T18:58:26+00:00",
"generator": {
"date": "2025-11-21T18:58:26+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2024:1689",
"initial_release_date": "2024-04-08T08:47:32+00:00",
"revision_history": [
{
"date": "2024-04-08T08:47:32+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-04-08T08:47:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:58:26+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Software Collections for RHEL Workstation(v. 7)",
"product": {
"name": "Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for RHEL(v. 7)",
"product": {
"name": "Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Software Collections"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.src",
"product": {
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.src",
"product_id": "rh-varnish6-varnish-0:6.0.13-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish@6.0.13-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.src",
"product": {
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.src",
"product_id": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-modules@0.15.0-8.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.x86_64",
"product": {
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.x86_64",
"product_id": "rh-varnish6-varnish-0:6.0.13-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish@6.0.13-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64",
"product": {
"name": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64",
"product_id": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-devel@6.0.13-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64",
"product": {
"name": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64",
"product_id": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-docs@6.0.13-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64",
"product": {
"name": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64",
"product_id": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-libs@6.0.13-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64",
"product": {
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64",
"product_id": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-modules@0.15.0-8.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64",
"product": {
"name": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64",
"product_id": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-modules-debuginfo@0.15.0-8.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le",
"product": {
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le",
"product_id": "rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish@6.0.13-1.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le",
"product": {
"name": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le",
"product_id": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-devel@6.0.13-1.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le",
"product": {
"name": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le",
"product_id": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-docs@6.0.13-1.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le",
"product": {
"name": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le",
"product_id": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-libs@6.0.13-1.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le",
"product": {
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le",
"product_id": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-modules@0.15.0-8.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le",
"product": {
"name": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le",
"product_id": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-modules-debuginfo@0.15.0-8.el7?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.s390x",
"product": {
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.s390x",
"product_id": "rh-varnish6-varnish-0:6.0.13-1.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish@6.0.13-1.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x",
"product": {
"name": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x",
"product_id": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-devel@6.0.13-1.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x",
"product": {
"name": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x",
"product_id": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-docs@6.0.13-1.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x",
"product": {
"name": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x",
"product_id": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-libs@6.0.13-1.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x",
"product": {
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x",
"product_id": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-modules@0.15.0-8.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x",
"product": {
"name": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x",
"product_id": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-modules-debuginfo@0.15.0-8.el7?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le"
},
"product_reference": "rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.s390x"
},
"product_reference": "rh-varnish6-varnish-0:6.0.13-1.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.src as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.src"
},
"product_reference": "rh-varnish6-varnish-0:6.0.13-1.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.x86_64"
},
"product_reference": "rh-varnish6-varnish-0:6.0.13-1.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le"
},
"product_reference": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x"
},
"product_reference": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64"
},
"product_reference": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le"
},
"product_reference": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x"
},
"product_reference": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64"
},
"product_reference": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le"
},
"product_reference": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x"
},
"product_reference": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64"
},
"product_reference": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le"
},
"product_reference": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x"
},
"product_reference": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.src as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.src"
},
"product_reference": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64"
},
"product_reference": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le"
},
"product_reference": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x"
},
"product_reference": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64"
},
"product_reference": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le"
},
"product_reference": "rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.s390x"
},
"product_reference": "rh-varnish6-varnish-0:6.0.13-1.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.src as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.src"
},
"product_reference": "rh-varnish6-varnish-0:6.0.13-1.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.x86_64"
},
"product_reference": "rh-varnish6-varnish-0:6.0.13-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le"
},
"product_reference": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x"
},
"product_reference": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64"
},
"product_reference": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le"
},
"product_reference": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x"
},
"product_reference": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64"
},
"product_reference": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le"
},
"product_reference": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x"
},
"product_reference": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64"
},
"product_reference": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le"
},
"product_reference": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x"
},
"product_reference": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.src as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.src"
},
"product_reference": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64"
},
"product_reference": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le"
},
"product_reference": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x"
},
"product_reference": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64"
},
"product_reference": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-30156",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271486"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Varnish cache server, with HTTP/2 support enabled, that may allow a Denial of Service type of attack. A malicious actor can cause the server to run out of credits during the HTTP/2 connection control flow. As a consequence, the server will stop properly processing the active HTTP streams while retaining the already allocated resources, leading to resource starvation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "varnish: HTTP/2 Broken Window Attack may result in denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2024-30156 represents an Important severity issue due to its potential to cause widespread denial of service (DoS) across Varnish Cache servers with the HTTP/2 protocol enabled. By exploiting this vulnerability, attackers can exhaust the server\u0027s HTTP/2 connection control flow window credits, thereby halting the processing of streams and indefinitely retaining associated resources. This can lead to a complete service outage, impacting the availability and performance of web services relying on Varnish Cache. Given the prevalence of HTTP/2 adoption for its performance benefits, the vulnerability poses a significant risk to web infrastructure, necessitating immediate mitigation measures to prevent exploitation and limit the impact on affected systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.src",
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.src",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.src",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.src",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-30156"
},
{
"category": "external",
"summary": "RHBZ#2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-30156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156"
},
{
"category": "external",
"summary": "https://varnish-cache.org/security/VSV00014.html",
"url": "https://varnish-cache.org/security/VSV00014.html"
}
],
"release_date": "2024-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-08T08:47:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.src",
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.src",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.src",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.src",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1689"
},
{
"category": "workaround",
"details": "A possible mitigation for this issue is to disable http2 support until the package can be updated.\nThis can be performed by running the following command:\n\n~~~\nvarnishadm param.set feature -http2\n~~~\n\nNote: you must remove `h2` from the list of protocols if your TLS terminator is advertising it with ALPN.\n\nNote: a parameter changed with varnishadm applies to the running varnishd only; to keep HTTP/2 disabled after a service restart, also set it in the varnishd startup options (for example `-p feature=-http2`).\n\nIt\u0027s also possible to use the `MAIN.sc_bankrupt` counter to monitor for possible ongoing attacks against the Varnish server.",
"product_ids": [
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.src",
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.src",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.src",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.src",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.src",
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.src",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.src",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.src",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "varnish: HTTP/2 Broken Window Attack may result in denial of service"
}
]
}
RHSA-2024:1691
Vulnerability from csaf_redhat
Published
2024-04-08 09:19
Modified
2025-11-21 18:58
Summary
Red Hat Security Advisory: varnish security update
Notes
Topic
An update for varnish is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.
Security Fix(es):
* varnish: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for varnish is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don\u0027t have to create the same web page over and over again, giving the website a significant speed up.\n\nSecurity Fix(es):\n\n* varnish: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:1691",
"url": "https://access.redhat.com/errata/RHSA-2024:1691"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1691.json"
}
],
"title": "Red Hat Security Advisory: varnish security update",
"tracking": {
"current_release_date": "2025-11-21T18:58:27+00:00",
"generator": {
"date": "2025-11-21T18:58:27+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2024:1691",
"initial_release_date": "2024-04-08T09:19:22+00:00",
"revision_history": [
{
"date": "2024-04-08T09:19:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-04-08T09:19:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:58:27+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat CodeReady Linux Builder (v. 9)",
"product": {
"name": "Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.6.2-4.el9_3.1.src",
"product": {
"name": "varnish-0:6.6.2-4.el9_3.1.src",
"product_id": "varnish-0:6.6.2-4.el9_3.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-4.el9_3.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.6.2-4.el9_3.1.aarch64",
"product": {
"name": "varnish-0:6.6.2-4.el9_3.1.aarch64",
"product_id": "varnish-0:6.6.2-4.el9_3.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-4.el9_3.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.6.2-4.el9_3.1.aarch64",
"product": {
"name": "varnish-docs-0:6.6.2-4.el9_3.1.aarch64",
"product_id": "varnish-docs-0:6.6.2-4.el9_3.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.6.2-4.el9_3.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.6.2-4.el9_3.1.aarch64",
"product": {
"name": "varnish-devel-0:6.6.2-4.el9_3.1.aarch64",
"product_id": "varnish-devel-0:6.6.2-4.el9_3.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.6.2-4.el9_3.1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.6.2-4.el9_3.1.ppc64le",
"product": {
"name": "varnish-0:6.6.2-4.el9_3.1.ppc64le",
"product_id": "varnish-0:6.6.2-4.el9_3.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-4.el9_3.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.6.2-4.el9_3.1.ppc64le",
"product": {
"name": "varnish-docs-0:6.6.2-4.el9_3.1.ppc64le",
"product_id": "varnish-docs-0:6.6.2-4.el9_3.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.6.2-4.el9_3.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.6.2-4.el9_3.1.ppc64le",
"product": {
"name": "varnish-devel-0:6.6.2-4.el9_3.1.ppc64le",
"product_id": "varnish-devel-0:6.6.2-4.el9_3.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.6.2-4.el9_3.1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.6.2-4.el9_3.1.i686",
"product": {
"name": "varnish-0:6.6.2-4.el9_3.1.i686",
"product_id": "varnish-0:6.6.2-4.el9_3.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-4.el9_3.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.6.2-4.el9_3.1.i686",
"product": {
"name": "varnish-devel-0:6.6.2-4.el9_3.1.i686",
"product_id": "varnish-devel-0:6.6.2-4.el9_3.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.6.2-4.el9_3.1?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.6.2-4.el9_3.1.x86_64",
"product": {
"name": "varnish-0:6.6.2-4.el9_3.1.x86_64",
"product_id": "varnish-0:6.6.2-4.el9_3.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-4.el9_3.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.6.2-4.el9_3.1.x86_64",
"product": {
"name": "varnish-docs-0:6.6.2-4.el9_3.1.x86_64",
"product_id": "varnish-docs-0:6.6.2-4.el9_3.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.6.2-4.el9_3.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.6.2-4.el9_3.1.x86_64",
"product": {
"name": "varnish-devel-0:6.6.2-4.el9_3.1.x86_64",
"product_id": "varnish-devel-0:6.6.2-4.el9_3.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.6.2-4.el9_3.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.6.2-4.el9_3.1.s390x",
"product": {
"name": "varnish-0:6.6.2-4.el9_3.1.s390x",
"product_id": "varnish-0:6.6.2-4.el9_3.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-4.el9_3.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.6.2-4.el9_3.1.s390x",
"product": {
"name": "varnish-docs-0:6.6.2-4.el9_3.1.s390x",
"product_id": "varnish-docs-0:6.6.2-4.el9_3.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.6.2-4.el9_3.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.6.2-4.el9_3.1.s390x",
"product": {
"name": "varnish-devel-0:6.6.2-4.el9_3.1.s390x",
"product_id": "varnish-devel-0:6.6.2-4.el9_3.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.6.2-4.el9_3.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-4.el9_3.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.aarch64"
},
"product_reference": "varnish-0:6.6.2-4.el9_3.1.aarch64",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-4.el9_3.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.i686"
},
"product_reference": "varnish-0:6.6.2-4.el9_3.1.i686",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-4.el9_3.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.ppc64le"
},
"product_reference": "varnish-0:6.6.2-4.el9_3.1.ppc64le",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-4.el9_3.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.s390x"
},
"product_reference": "varnish-0:6.6.2-4.el9_3.1.s390x",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-4.el9_3.1.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.src"
},
"product_reference": "varnish-0:6.6.2-4.el9_3.1.src",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-4.el9_3.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.x86_64"
},
"product_reference": "varnish-0:6.6.2-4.el9_3.1.x86_64",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-4.el9_3.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.aarch64"
},
"product_reference": "varnish-devel-0:6.6.2-4.el9_3.1.aarch64",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-4.el9_3.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.i686"
},
"product_reference": "varnish-devel-0:6.6.2-4.el9_3.1.i686",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-4.el9_3.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.ppc64le"
},
"product_reference": "varnish-devel-0:6.6.2-4.el9_3.1.ppc64le",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-4.el9_3.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.s390x"
},
"product_reference": "varnish-devel-0:6.6.2-4.el9_3.1.s390x",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-4.el9_3.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.x86_64"
},
"product_reference": "varnish-devel-0:6.6.2-4.el9_3.1.x86_64",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-4.el9_3.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.aarch64"
},
"product_reference": "varnish-docs-0:6.6.2-4.el9_3.1.aarch64",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-4.el9_3.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.ppc64le"
},
"product_reference": "varnish-docs-0:6.6.2-4.el9_3.1.ppc64le",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-4.el9_3.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.s390x"
},
"product_reference": "varnish-docs-0:6.6.2-4.el9_3.1.s390x",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-4.el9_3.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.x86_64"
},
"product_reference": "varnish-docs-0:6.6.2-4.el9_3.1.x86_64",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-4.el9_3.1.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.aarch64"
},
"product_reference": "varnish-0:6.6.2-4.el9_3.1.aarch64",
"relates_to_product_reference": "CRB-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-4.el9_3.1.i686 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.i686"
},
"product_reference": "varnish-0:6.6.2-4.el9_3.1.i686",
"relates_to_product_reference": "CRB-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-4.el9_3.1.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.ppc64le"
},
"product_reference": "varnish-0:6.6.2-4.el9_3.1.ppc64le",
"relates_to_product_reference": "CRB-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-4.el9_3.1.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.s390x"
},
"product_reference": "varnish-0:6.6.2-4.el9_3.1.s390x",
"relates_to_product_reference": "CRB-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-4.el9_3.1.src as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.src"
},
"product_reference": "varnish-0:6.6.2-4.el9_3.1.src",
"relates_to_product_reference": "CRB-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-4.el9_3.1.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.x86_64"
},
"product_reference": "varnish-0:6.6.2-4.el9_3.1.x86_64",
"relates_to_product_reference": "CRB-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-4.el9_3.1.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.aarch64"
},
"product_reference": "varnish-devel-0:6.6.2-4.el9_3.1.aarch64",
"relates_to_product_reference": "CRB-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-4.el9_3.1.i686 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.i686"
},
"product_reference": "varnish-devel-0:6.6.2-4.el9_3.1.i686",
"relates_to_product_reference": "CRB-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-4.el9_3.1.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.ppc64le"
},
"product_reference": "varnish-devel-0:6.6.2-4.el9_3.1.ppc64le",
"relates_to_product_reference": "CRB-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-4.el9_3.1.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.s390x"
},
"product_reference": "varnish-devel-0:6.6.2-4.el9_3.1.s390x",
"relates_to_product_reference": "CRB-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-4.el9_3.1.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.x86_64"
},
"product_reference": "varnish-devel-0:6.6.2-4.el9_3.1.x86_64",
"relates_to_product_reference": "CRB-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-4.el9_3.1.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.aarch64"
},
"product_reference": "varnish-docs-0:6.6.2-4.el9_3.1.aarch64",
"relates_to_product_reference": "CRB-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-4.el9_3.1.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.ppc64le"
},
"product_reference": "varnish-docs-0:6.6.2-4.el9_3.1.ppc64le",
"relates_to_product_reference": "CRB-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-4.el9_3.1.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.s390x"
},
"product_reference": "varnish-docs-0:6.6.2-4.el9_3.1.s390x",
"relates_to_product_reference": "CRB-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-4.el9_3.1.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.x86_64"
},
"product_reference": "varnish-docs-0:6.6.2-4.el9_3.1.x86_64",
"relates_to_product_reference": "CRB-9.3.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-30156",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271486"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Varnish cache server, with HTTP/2 support enabled, that may allow a Denial of Service type of attack. A malicious actor can cause the server to run out of credits during the HTTP/2 connection control flow. As a consequence, the server will stop to properly process the active HTTP streams, retaining the already allocated resources, leading to resource starvation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "varnish: HTTP/2 Broken Window Attack may result in denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2024-30156 represents a important severity issue due to its potential to cause widespread denial of service (DoS) across Varnish Cacher servers with HTTP/2 protocol enabled. By exploiting this vulnerability, attackers can exhaust the server\u0027s HTTP/2 connection control flow window credits, thereby halting the processing of streams and indefinitely retaining associated resources. This can lead to a complete service outage, impacting the availability and performance of web services relying on Varnish Cache. Given the prevalence of HTTP/2 adoption for its performance benefits, the vulnerability poses a significant risk to web infrastructure, necessitating immediate mitigation measures to prevent exploitation and mitigate the impact on affected systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.aarch64",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.i686",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.ppc64le",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.s390x",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.x86_64",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.aarch64",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.i686",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.ppc64le",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.s390x",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.x86_64",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.aarch64",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.ppc64le",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.s390x",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.x86_64",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.aarch64",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.i686",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.ppc64le",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.s390x",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.src",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.x86_64",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.aarch64",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.i686",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.ppc64le",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.s390x",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.x86_64",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.aarch64",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.ppc64le",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.s390x",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-30156"
},
{
"category": "external",
"summary": "RHBZ#2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-30156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156"
},
{
"category": "external",
"summary": "https://varnish-cache.org/security/VSV00014.html",
"url": "https://varnish-cache.org/security/VSV00014.html"
}
],
"release_date": "2024-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-08T09:19:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.aarch64",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.i686",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.ppc64le",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.s390x",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.x86_64",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.aarch64",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.i686",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.ppc64le",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.s390x",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.x86_64",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.aarch64",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.ppc64le",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.s390x",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.x86_64",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.aarch64",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.i686",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.ppc64le",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.s390x",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.src",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.x86_64",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.aarch64",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.i686",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.ppc64le",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.s390x",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.x86_64",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.aarch64",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.ppc64le",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.s390x",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1691"
},
{
"category": "workaround",
"details": "A possible mitigation for this issue is to disable http2 support until the package can be updated.\nThis can be performed by running the following command:\n\n~~~\nvarnishadm param.set feature -http2\n~~~\n\nNote: you must remove `h2` from the list of protocols if your TLS terminator is advertising it with ALPN.\n\nIt\u0027s also possible to use the `MAIN.sc_bankrupt` counter to monitor possible on-going attacks to the varnish server.",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.aarch64",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.i686",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.ppc64le",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.s390x",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.x86_64",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.aarch64",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.i686",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.ppc64le",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.s390x",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.x86_64",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.aarch64",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.ppc64le",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.s390x",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.x86_64",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.aarch64",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.i686",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.ppc64le",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.s390x",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.src",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.x86_64",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.aarch64",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.i686",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.ppc64le",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.s390x",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.x86_64",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.aarch64",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.ppc64le",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.s390x",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.aarch64",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.i686",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.ppc64le",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.s390x",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.x86_64",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.aarch64",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.i686",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.ppc64le",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.s390x",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.x86_64",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.aarch64",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.ppc64le",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.s390x",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.x86_64",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.aarch64",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.i686",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.ppc64le",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.s390x",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.src",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.x86_64",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.aarch64",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.i686",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.ppc64le",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.s390x",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.x86_64",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.aarch64",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.ppc64le",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.s390x",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "varnish: HTTP/2 Broken Window Attack may result in denial of service"
}
]
}
rhsa-2024_3305
Vulnerability from csaf_redhat
Published
2024-05-23 07:06
Modified
2024-11-15 18:36
Summary
Red Hat Security Advisory: varnish:6 security update
Notes
Topic
An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.
Security Fix(es):
* varnish:6: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don\u0027t have to create the same web page over and over again, giving the website a significant speed up.\n\nSecurity Fix(es):\n\n* varnish:6: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:3305",
"url": "https://access.redhat.com/errata/RHSA-2024:3305"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3305.json"
}
],
"title": "Red Hat Security Advisory: varnish:6 security update",
"tracking": {
"current_release_date": "2024-11-15T18:36:26+00:00",
"generator": {
"date": "2024-11-15T18:36:26+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2024:3305",
"initial_release_date": "2024-05-23T07:06:03+00:00",
"revision_history": [
{
"date": "2024-05-23T07:06:03+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-23T07:06:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T18:36:26+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish:6:8080020240510134818:63b34585",
"product": {
"name": "varnish:6:8080020240510134818:63b34585",
"product_id": "varnish:6:8080020240510134818:63b34585",
"product_identification_helper": {
"purl": "pkg:rpmmod/redhat/varnish@6:8080020240510134818:63b34585"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.src",
"product": {
"name": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.src",
"product_id": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.8-3.module%2Bel8.8.0%2B21796%2B79393093.2?arch=src"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64",
"product": {
"name": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64",
"product_id": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.8-3.module%2Bel8.8.0%2B21796%2B79393093.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64",
"product": {
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64",
"product_id": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.8-3.module%2Bel8.8.0%2B21796%2B79393093.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64",
"product": {
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64",
"product_id": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.8-3.module%2Bel8.8.0%2B21796%2B79393093.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x",
"product": {
"name": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x",
"product_id": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.8-3.module%2Bel8.8.0%2B21796%2B79393093.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x",
"product": {
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x",
"product_id": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.8-3.module%2Bel8.8.0%2B21796%2B79393093.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x",
"product": {
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x",
"product_id": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.8-3.module%2Bel8.8.0%2B21796%2B79393093.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le",
"product": {
"name": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le",
"product_id": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.8-3.module%2Bel8.8.0%2B21796%2B79393093.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le",
"product": {
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le",
"product_id": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.8-3.module%2Bel8.8.0%2B21796%2B79393093.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le",
"product": {
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le",
"product_id": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.8-3.module%2Bel8.8.0%2B21796%2B79393093.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64",
"product": {
"name": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64",
"product_id": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.8-3.module%2Bel8.8.0%2B21796%2B79393093.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64",
"product": {
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64",
"product_id": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.8-3.module%2Bel8.8.0%2B21796%2B79393093.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64",
"product": {
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64",
"product_id": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.8-3.module%2Bel8.8.0%2B21796%2B79393093.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish:6:8080020240510134818:63b34585 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585"
},
"product_reference": "varnish:6:8080020240510134818:63b34585",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64 as a component of varnish:6:8080020240510134818:63b34585 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64"
},
"product_reference": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le as a component of varnish:6:8080020240510134818:63b34585 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le"
},
"product_reference": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x as a component of varnish:6:8080020240510134818:63b34585 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x"
},
"product_reference": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.src as a component of varnish:6:8080020240510134818:63b34585 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.src"
},
"product_reference": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.src",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64 as a component of varnish:6:8080020240510134818:63b34585 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64"
},
"product_reference": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64 as a component of varnish:6:8080020240510134818:63b34585 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64"
},
"product_reference": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le as a component of varnish:6:8080020240510134818:63b34585 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le"
},
"product_reference": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x as a component of varnish:6:8080020240510134818:63b34585 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x"
},
"product_reference": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64 as a component of varnish:6:8080020240510134818:63b34585 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64"
},
"product_reference": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64 as a component of varnish:6:8080020240510134818:63b34585 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64"
},
"product_reference": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le as a component of varnish:6:8080020240510134818:63b34585 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le"
},
"product_reference": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x as a component of varnish:6:8080020240510134818:63b34585 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x"
},
"product_reference": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64 as a component of varnish:6:8080020240510134818:63b34585 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64"
},
"product_reference": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64 as a component of varnish:6:8080020240510134818:63b34585 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le as a component of varnish:6:8080020240510134818:63b34585 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x as a component of varnish:6:8080020240510134818:63b34585 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src as a component of varnish:6:8080020240510134818:63b34585 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 as a component of varnish:6:8080020240510134818:63b34585 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64 as a component of varnish:6:8080020240510134818:63b34585 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le as a component of varnish:6:8080020240510134818:63b34585 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x as a component of varnish:6:8080020240510134818:63b34585 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 as a component of varnish:6:8080020240510134818:63b34585 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64 as a component of varnish:6:8080020240510134818:63b34585 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le as a component of varnish:6:8080020240510134818:63b34585 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x as a component of varnish:6:8080020240510134818:63b34585 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 as a component of varnish:6:8080020240510134818:63b34585 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-30156",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271486"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Varnish cache server, with HTTP/2 support enabled, that may allow a Denial of Service type of attack. A malicious actor can cause the server to run out of credits during the HTTP/2 connection control flow. As a consequence, the server will stop properly processing the active HTTP streams, retaining the already allocated resources, leading to resource starvation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "varnish: HTTP/2 Broken Window Attack may result in denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2024-30156 represents an important severity issue due to its potential to cause widespread denial of service (DoS) across Varnish Cache servers with the HTTP/2 protocol enabled. By exploiting this vulnerability, attackers can exhaust the server\u0027s HTTP/2 connection control flow window credits, thereby halting the processing of streams and indefinitely retaining associated resources. This can lead to a complete service outage, impacting the availability and performance of web services relying on Varnish Cache. Given the prevalence of HTTP/2 adoption for its performance benefits, the vulnerability poses a significant risk to web infrastructure, necessitating immediate mitigation measures to prevent exploitation and mitigate the impact on affected systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.src",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-30156"
},
{
"category": "external",
"summary": "RHBZ#2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-30156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156"
},
{
"category": "external",
"summary": "https://varnish-cache.org/security/VSV00014.html",
"url": "https://varnish-cache.org/security/VSV00014.html"
}
],
"release_date": "2024-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T07:06:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.src",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3305"
},
{
"category": "workaround",
"details": "A possible mitigation for this issue is to disable HTTP/2 support until the package can be updated.\nThis can be performed by running the following command:\n\n~~~\nvarnishadm param.set feature -http2\n~~~\n\nNote: you must remove `h2` from the list of protocols if your TLS terminator is advertising it with ALPN.\n\nThe `MAIN.sc_bankrupt` counter can also be used to monitor for possible ongoing attacks against the Varnish server.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.src",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.src",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x",
"AppStream-8.8.0.Z.EUS:varnish:6:8080020240510134818:63b34585:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "varnish: HTTP/2 Broken Window Attack may result in denial of service"
}
]
}
rhsa-2024:2938
Vulnerability from csaf_redhat
Published
2024-05-21 10:05
Modified
2025-11-21 19:01
Summary
Red Hat Security Advisory: varnish:6 security update
Notes
Topic
An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in
memory so web servers don't have to create the same web page over and over
again, giving the website a significant speed up.
Security Fix(es):
* varnish:6: HTTP/2 Broken Window Attack may result in denial of service
(CVE-2024-30156)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Varnish Cache is a high-performance HTTP accelerator. It stores web pages in\nmemory so web servers don\u0027t have to create the same web page over and over\nagain, giving the website a significant speed up.\n\nSecurity Fix(es):\n\n* varnish:6: HTTP/2 Broken Window Attack may result in denial of service\n(CVE-2024-30156)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:2938",
"url": "https://access.redhat.com/errata/RHSA-2024:2938"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2938.json"
}
],
"title": "Red Hat Security Advisory: varnish:6 security update",
"tracking": {
"current_release_date": "2025-11-21T19:01:22+00:00",
"generator": {
"date": "2025-11-21T19:01:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2024:2938",
"initial_release_date": "2024-05-21T10:05:18+00:00",
"revision_history": [
{
"date": "2024-05-21T10:05:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-21T10:05:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T19:01:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_tus:8.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src::varnish:6",
"product": {
"name": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src (varnish:6)",
"product_id": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.6-2.module%2Bel8.4.0%2B21799%2B2c737c67.5?arch=src\u0026rpmmod=varnish:6:8040020240513125037:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-5.module%2Bel8.3.0%2B6843%2Bb3b42fcc?arch=src\u0026rpmmod=varnish:6:8040020240513125037:522a0ee4"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"product": {
"name": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64 (varnish:6)",
"product_id": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.6-2.module%2Bel8.4.0%2B21799%2B2c737c67.5?arch=x86_64\u0026rpmmod=varnish:6:8040020240513125037:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"product": {
"name": "varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64 (varnish:6)",
"product_id": "varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.6-2.module%2Bel8.4.0%2B21799%2B2c737c67.5?arch=x86_64\u0026rpmmod=varnish:6:8040020240513125037:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"product": {
"name": "varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64 (varnish:6)",
"product_id": "varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.6-2.module%2Bel8.4.0%2B21799%2B2c737c67.5?arch=x86_64\u0026rpmmod=varnish:6:8040020240513125037:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64 (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-5.module%2Bel8.3.0%2B6843%2Bb3b42fcc?arch=x86_64\u0026rpmmod=varnish:6:8040020240513125037:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64 (varnish:6)",
"product_id": "varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-5.module%2Bel8.3.0%2B6843%2Bb3b42fcc?arch=x86_64\u0026rpmmod=varnish:6:8040020240513125037:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64 (varnish:6)",
"product_id": "varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-5.module%2Bel8.3.0%2B6843%2Bb3b42fcc?arch=x86_64\u0026rpmmod=varnish:6:8040020240513125037:522a0ee4"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6",
"product": {
"name": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le (varnish:6)",
"product_id": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.6-2.module%2Bel8.4.0%2B21799%2B2c737c67.5?arch=ppc64le\u0026rpmmod=varnish:6:8040020240513125037:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6",
"product": {
"name": "varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le (varnish:6)",
"product_id": "varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.6-2.module%2Bel8.4.0%2B21799%2B2c737c67.5?arch=ppc64le\u0026rpmmod=varnish:6:8040020240513125037:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6",
"product": {
"name": "varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le (varnish:6)",
"product_id": "varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.6-2.module%2Bel8.4.0%2B21799%2B2c737c67.5?arch=ppc64le\u0026rpmmod=varnish:6:8040020240513125037:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-5.module%2Bel8.3.0%2B6843%2Bb3b42fcc?arch=ppc64le\u0026rpmmod=varnish:6:8040020240513125037:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le (varnish:6)",
"product_id": "varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-5.module%2Bel8.3.0%2B6843%2Bb3b42fcc?arch=ppc64le\u0026rpmmod=varnish:6:8040020240513125037:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le (varnish:6)",
"product_id": "varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-5.module%2Bel8.3.0%2B6843%2Bb3b42fcc?arch=ppc64le\u0026rpmmod=varnish:6:8040020240513125037:522a0ee4"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src (varnish:6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src::varnish:6"
},
"product_reference": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6"
},
"product_reference": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src (varnish:6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6"
},
"product_reference": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src::varnish:6"
},
"product_reference": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6"
},
"product_reference": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src (varnish:6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src::varnish:6"
},
"product_reference": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6"
},
"product_reference": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src (varnish:6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-30156",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271486"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Varnish cache server, with HTTP/2 support enabled, that may allow a Denial of Service type of attack. A malicious actor can cause the server to run out of credits during the HTTP/2 connection control flow. As a consequence, the server will stop properly processing the active HTTP streams, retaining the already allocated resources, leading to resource starvation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "varnish: HTTP/2 Broken Window Attack may result in denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2024-30156 represents an important severity issue due to its potential to cause widespread denial of service (DoS) across Varnish Cache servers with HTTP/2 protocol enabled. By exploiting this vulnerability, attackers can exhaust the server\u0027s HTTP/2 connection control flow window credits, thereby halting the processing of streams and indefinitely retaining associated resources. This can lead to a complete service outage, impacting the availability and performance of web services relying on Varnish Cache. Given the prevalence of HTTP/2 adoption for its performance benefits, the vulnerability poses a significant risk to web infrastructure, necessitating immediate mitigation measures to prevent exploitation and mitigate the impact on affected systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-30156"
},
{
"category": "external",
"summary": "RHBZ#2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-30156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156"
},
{
"category": "external",
"summary": "https://varnish-cache.org/security/VSV00014.html",
"url": "https://varnish-cache.org/security/VSV00014.html"
}
],
"release_date": "2024-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-21T10:05:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2938"
},
{
"category": "workaround",
"details": "A possible mitigation for this issue is to disable http2 support until the package can be updated.\nThis can be performed by running the following command:\n\n~~~\nvarnishadm param.set feature -http2\n~~~\n\nNote: you must remove `h2` from the list of protocols if your TLS terminator is advertising it with ALPN.\n\nIt\u0027s also possible to use the `MAIN.sc_bankrupt` counter to monitor for possible ongoing attacks against the Varnish server.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.AUS:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le::varnish:6",
"AppStream-8.4.0.Z.E4S:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6",
"AppStream-8.4.0.Z.TUS:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64::varnish:6"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "varnish: HTTP/2 Broken Window Attack may result in denial of service"
}
]
}
rhsa-2024:4937
Vulnerability from csaf_redhat
Published
2024-07-31 10:18
Modified
2025-11-21 19:07
Summary
Red Hat Security Advisory: varnish:6 security update
Notes
Topic
An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.
Security Fix(es):
* varnish: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don\u0027t have to create the same web page over and over again, giving the website a significant speed up.\n\nSecurity Fix(es):\n\n* varnish: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:4937",
"url": "https://access.redhat.com/errata/RHSA-2024:4937"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4937.json"
}
],
"title": "Red Hat Security Advisory: varnish:6 security update",
"tracking": {
"current_release_date": "2025-11-21T19:07:56+00:00",
"generator": {
"date": "2025-11-21T19:07:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2024:4937",
"initial_release_date": "2024-07-31T10:18:05+00:00",
"revision_history": [
{
"date": "2024-07-31T10:18:05+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-07-31T10:18:05+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T19:07:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.2::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.src::varnish:6",
"product": {
"name": "varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.src (varnish:6)",
"product_id": "varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.src::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.6-1.module%2Bel8.2.0%2B22154%2B6b906702?arch=src\u0026rpmmod=varnish:6:8020020240528095801:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.src::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.src (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.src::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-4.module%2Bel8%2B2481%2B4078e9d2?arch=src\u0026rpmmod=varnish:6:8020020240528095801:4cda2c84"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6",
"product": {
"name": "varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64 (varnish:6)",
"product_id": "varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.6-1.module%2Bel8.2.0%2B22154%2B6b906702?arch=x86_64\u0026rpmmod=varnish:6:8020020240528095801:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6",
"product": {
"name": "varnish-devel-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64 (varnish:6)",
"product_id": "varnish-devel-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.6-1.module%2Bel8.2.0%2B22154%2B6b906702?arch=x86_64\u0026rpmmod=varnish:6:8020020240528095801:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6",
"product": {
"name": "varnish-docs-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64 (varnish:6)",
"product_id": "varnish-docs-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.6-1.module%2Bel8.2.0%2B22154%2B6b906702?arch=x86_64\u0026rpmmod=varnish:6:8020020240528095801:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64 (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-4.module%2Bel8%2B2481%2B4078e9d2?arch=x86_64\u0026rpmmod=varnish:6:8020020240528095801:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64 (varnish:6)",
"product_id": "varnish-modules-debuginfo-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-4.module%2Bel8%2B2481%2B4078e9d2?arch=x86_64\u0026rpmmod=varnish:6:8020020240528095801:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64 (varnish:6)",
"product_id": "varnish-modules-debugsource-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-4.module%2Bel8%2B2481%2B4078e9d2?arch=x86_64\u0026rpmmod=varnish:6:8020020240528095801:4cda2c84"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.src (varnish:6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.src::varnish:6"
},
"product_reference": "varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.src::varnish:6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6"
},
"product_reference": "varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:varnish-devel-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:varnish-docs-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.src (varnish:6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.src::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.src::varnish:6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:varnish-modules-debuginfo-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:varnish-modules-debugsource-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-30156",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271486"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Varnish cache server, with HTTP/2 support enabled, that may allow a Denial of Service type of attack. A malicious actor can cause the server to run out of credits during the HTTP/2 connection control flow. As a consequence, the server will stop properly processing the active HTTP streams while retaining the already allocated resources, leading to resource starvation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "varnish: HTTP/2 Broken Window Attack may result in denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2024-30156 represents an important severity issue due to its potential to cause widespread denial of service (DoS) across Varnish Cache servers with the HTTP/2 protocol enabled. By exploiting this vulnerability, attackers can exhaust the server\u0027s HTTP/2 connection control flow window credits, thereby halting the processing of streams and indefinitely retaining associated resources. This can lead to a complete service outage, impacting the availability and performance of web services relying on Varnish Cache. Given the prevalence of HTTP/2 adoption for its performance benefits, the vulnerability poses a significant risk to web infrastructure, necessitating immediate mitigation measures to prevent exploitation and mitigate the impact on affected systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.src::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-devel-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-docs-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.src::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-modules-debuginfo-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-modules-debugsource-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-30156"
},
{
"category": "external",
"summary": "RHBZ#2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-30156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156"
},
{
"category": "external",
"summary": "https://varnish-cache.org/security/VSV00014.html",
"url": "https://varnish-cache.org/security/VSV00014.html"
}
],
"release_date": "2024-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-31T10:18:05+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.src::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-devel-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-docs-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.src::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-modules-debuginfo-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-modules-debugsource-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4937"
},
{
"category": "workaround",
"details": "A possible mitigation for this issue is to disable HTTP/2 support until the package can be updated.\nThis can be performed by running the following command:\n\n~~~\nvarnishadm param.set feature -http2\n~~~\n\nNote: you must remove `h2` from the list of protocols if your TLS terminator is advertising it with ALPN.\n\nIt\u0027s also possible to use the `MAIN.sc_bankrupt` counter to monitor for possible ongoing attacks against the Varnish server.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.src::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-devel-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-docs-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.src::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-modules-debuginfo-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-modules-debugsource-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.src::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-devel-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-docs-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.src::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-modules-debuginfo-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-modules-debugsource-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "varnish: HTTP/2 Broken Window Attack may result in denial of service"
}
]
}
RHSA-2024:3426
Vulnerability from csaf_redhat
Published
2024-05-28 14:33
Modified
2025-11-21 19:03
Summary
Red Hat Security Advisory: varnish:6 security update
Notes
Topic
An update for the varnish:6 module is now available for Red Hat Enterprise
Linux 8.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
Varnish Cache is a high-performance HTTP accelerator. It stores web pages
in memory so web servers don't have to create the same web page over and over
again, giving the website a significant speed up.
Security Fix(es):
* varnish:6: HTTP/2 Broken Window Attack may result in denial of service
(CVE-2024-30156)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the varnish:6 module is now available for Red Hat Enterprise\nLinux 8.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Varnish Cache is a high-performance HTTP accelerator. It stores web pages\nin memory so web servers don\u0027t have to create the same web page over and over\nagain, giving the website a significant speed up.\n\nSecurity Fix(es):\n\n* varnish:6: HTTP/2 Broken Window Attack may result in denial of service\n(CVE-2024-30156)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:3426",
"url": "https://access.redhat.com/errata/RHSA-2024:3426"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3426.json"
}
],
"title": "Red Hat Security Advisory: varnish:6 security update",
"tracking": {
"current_release_date": "2025-11-21T19:03:12+00:00",
"generator": {
"date": "2025-11-21T19:03:12+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2024:3426",
"initial_release_date": "2024-05-28T14:33:18+00:00",
"revision_history": [
{
"date": "2024-05-28T14:33:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-28T14:33:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T19:03:12+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.6::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.src::varnish:6",
"product": {
"name": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.src (varnish:6)",
"product_id": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.src::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.8-2.module%2Bel8.6.0%2B21852%2B17475f6a.3?arch=src\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=src\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6",
"product": {
"name": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64 (varnish:6)",
"product_id": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.8-2.module%2Bel8.6.0%2B21852%2B17475f6a.3?arch=x86_64\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6",
"product": {
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64 (varnish:6)",
"product_id": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.8-2.module%2Bel8.6.0%2B21852%2B17475f6a.3?arch=x86_64\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6",
"product": {
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64 (varnish:6)",
"product_id": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.8-2.module%2Bel8.6.0%2B21852%2B17475f6a.3?arch=x86_64\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=x86_64\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 (varnish:6)",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=x86_64\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 (varnish:6)",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=x86_64\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6",
"product": {
"name": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x (varnish:6)",
"product_id": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.8-2.module%2Bel8.6.0%2B21852%2B17475f6a.3?arch=s390x\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6",
"product": {
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x (varnish:6)",
"product_id": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.8-2.module%2Bel8.6.0%2B21852%2B17475f6a.3?arch=s390x\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6",
"product": {
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x (varnish:6)",
"product_id": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.8-2.module%2Bel8.6.0%2B21852%2B17475f6a.3?arch=s390x\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=s390x\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x (varnish:6)",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=s390x\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x (varnish:6)",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=s390x\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6",
"product": {
"name": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le (varnish:6)",
"product_id": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.8-2.module%2Bel8.6.0%2B21852%2B17475f6a.3?arch=ppc64le\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6",
"product": {
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le (varnish:6)",
"product_id": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.8-2.module%2Bel8.6.0%2B21852%2B17475f6a.3?arch=ppc64le\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6",
"product": {
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le (varnish:6)",
"product_id": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.8-2.module%2Bel8.6.0%2B21852%2B17475f6a.3?arch=ppc64le\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=ppc64le\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le (varnish:6)",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=ppc64le\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le (varnish:6)",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=ppc64le\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6",
"product": {
"name": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64 (varnish:6)",
"product_id": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.8-2.module%2Bel8.6.0%2B21852%2B17475f6a.3?arch=aarch64\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6",
"product": {
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64 (varnish:6)",
"product_id": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.8-2.module%2Bel8.6.0%2B21852%2B17475f6a.3?arch=aarch64\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6",
"product": {
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64 (varnish:6)",
"product_id": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.8-2.module%2Bel8.6.0%2B21852%2B17475f6a.3?arch=aarch64\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64 (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=aarch64\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64 (varnish:6)",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=aarch64\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64 (varnish:6)",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=aarch64\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
}
],
"category": "architecture",
"name": "aarch64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6"
},
"product_reference": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6"
},
"product_reference": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6"
},
"product_reference": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.src (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.src::varnish:6"
},
"product_reference": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.src::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6"
},
"product_reference": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-30156",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271486"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Varnish Cache server that, when HTTP/2 support is enabled, may allow a denial-of-service attack. A malicious actor can cause the server to run out of credits in the HTTP/2 connection flow-control window. As a consequence, the server stops processing the active HTTP streams properly while retaining the resources already allocated to them, leading to resource starvation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "varnish: HTTP/2 Broken Window Attack may result in denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2024-30156 is rated as an Important-severity issue because of its potential to cause widespread denial of service (DoS) across Varnish Cache servers with the HTTP/2 protocol enabled. By exploiting this vulnerability, attackers can exhaust the credits of the server\u0027s HTTP/2 connection flow-control window, thereby halting the processing of streams and indefinitely retaining the associated resources. This can lead to a complete service outage, impacting the availability and performance of web services relying on Varnish Cache. Given the prevalence of HTTP/2 adoption for its performance benefits, the vulnerability poses a significant risk to web infrastructure, necessitating immediate mitigation measures to prevent exploitation and limit the impact on affected systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.src::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-30156"
},
{
"category": "external",
"summary": "RHBZ#2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-30156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156"
},
{
"category": "external",
"summary": "https://varnish-cache.org/security/VSV00014.html",
"url": "https://varnish-cache.org/security/VSV00014.html"
}
],
"release_date": "2024-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-28T14:33:18+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.src::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3426"
},
{
"category": "workaround",
"details": "A possible mitigation for this issue is to disable HTTP/2 support until the package can be updated.\nThis can be done by running the following command:\n\n~~~\nvarnishadm param.set feature -http2\n~~~\n\nNote: you must remove `h2` from the list of protocols if your TLS terminator is advertising it with ALPN.\n\nNote: `param.set` changes only the running varnishd instance; if HTTP/2 was enabled with `-p feature=+http2` in the service start-up options, remove it there as well so the setting does not return after a restart.\n\nIt\u0027s also possible to use the `MAIN.sc_bankrupt` counter to monitor for possible ongoing attacks against the Varnish server.",
"product_ids": [
"AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.src::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.src::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "varnish: HTTP/2 Broken Window Attack may result in denial of service"
}
]
}
rhsa-2024:3426
Vulnerability from csaf_redhat
Published
2024-05-28 14:33
Modified
2025-11-21 19:03
Summary
Red Hat Security Advisory: varnish:6 security update
Notes
Topic
An update for the varnish:6 module is now available for Red Hat Enterprise
Linux 8.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
Varnish Cache is a high-performance HTTP accelerator. It stores web pages
in memory so web servers don't have to create the same web page over and over
again, giving the website a significant speed up.
Security Fix(es):
* varnish:6: HTTP/2 Broken Window Attack may result in denial of service
(CVE-2024-30156)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the varnish:6 module is now available for Red Hat Enterprise\nLinux 8.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Varnish Cache is a high-performance HTTP accelerator. It stores web pages\nin memory so web servers don\u0027t have to create the same web page over and over\nagain, giving the website a significant speed up.\n\nSecurity Fix(es):\n\n* varnish:6: HTTP/2 Broken Window Attack may result in denial of service\n(CVE-2024-30156)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:3426",
"url": "https://access.redhat.com/errata/RHSA-2024:3426"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3426.json"
}
],
"title": "Red Hat Security Advisory: varnish:6 security update",
"tracking": {
"current_release_date": "2025-11-21T19:03:12+00:00",
"generator": {
"date": "2025-11-21T19:03:12+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2024:3426",
"initial_release_date": "2024-05-28T14:33:18+00:00",
"revision_history": [
{
"date": "2024-05-28T14:33:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-28T14:33:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T19:03:12+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.6::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.src::varnish:6",
"product": {
"name": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.src (varnish:6)",
"product_id": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.src::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.8-2.module%2Bel8.6.0%2B21852%2B17475f6a.3?arch=src\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=src\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6",
"product": {
"name": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64 (varnish:6)",
"product_id": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.8-2.module%2Bel8.6.0%2B21852%2B17475f6a.3?arch=x86_64\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6",
"product": {
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64 (varnish:6)",
"product_id": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.8-2.module%2Bel8.6.0%2B21852%2B17475f6a.3?arch=x86_64\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6",
"product": {
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64 (varnish:6)",
"product_id": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.8-2.module%2Bel8.6.0%2B21852%2B17475f6a.3?arch=x86_64\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=x86_64\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 (varnish:6)",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=x86_64\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 (varnish:6)",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=x86_64\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6",
"product": {
"name": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x (varnish:6)",
"product_id": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.8-2.module%2Bel8.6.0%2B21852%2B17475f6a.3?arch=s390x\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6",
"product": {
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x (varnish:6)",
"product_id": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.8-2.module%2Bel8.6.0%2B21852%2B17475f6a.3?arch=s390x\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6",
"product": {
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x (varnish:6)",
"product_id": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.8-2.module%2Bel8.6.0%2B21852%2B17475f6a.3?arch=s390x\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=s390x\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x (varnish:6)",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=s390x\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x (varnish:6)",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=s390x\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6",
"product": {
"name": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le (varnish:6)",
"product_id": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.8-2.module%2Bel8.6.0%2B21852%2B17475f6a.3?arch=ppc64le\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6",
"product": {
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le (varnish:6)",
"product_id": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.8-2.module%2Bel8.6.0%2B21852%2B17475f6a.3?arch=ppc64le\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6",
"product": {
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le (varnish:6)",
"product_id": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.8-2.module%2Bel8.6.0%2B21852%2B17475f6a.3?arch=ppc64le\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=ppc64le\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le (varnish:6)",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=ppc64le\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le (varnish:6)",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=ppc64le\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6",
"product": {
"name": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64 (varnish:6)",
"product_id": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.8-2.module%2Bel8.6.0%2B21852%2B17475f6a.3?arch=aarch64\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6",
"product": {
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64 (varnish:6)",
"product_id": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.8-2.module%2Bel8.6.0%2B21852%2B17475f6a.3?arch=aarch64\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6",
"product": {
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64 (varnish:6)",
"product_id": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.8-2.module%2Bel8.6.0%2B21852%2B17475f6a.3?arch=aarch64\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64 (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=aarch64\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64 (varnish:6)",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=aarch64\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64 (varnish:6)",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=aarch64\u0026rpmmod=varnish:6:8060020240520091547:ad008a3a"
}
}
}
],
"category": "architecture",
"name": "aarch64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6"
},
"product_reference": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6"
},
"product_reference": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6"
},
"product_reference": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.src (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.src::varnish:6"
},
"product_reference": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.src::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6"
},
"product_reference": "varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-30156",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271486"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Varnish cache server, with HTTP/2 support enabled, that may allow a Denial of Service type of attack. A malicious actor can cause the server to run out of credits during the HTTP/2 connection control flow. As a consequence, the server will stop to properly process the active HTTP streams, retaining the already allocated resources, leading to resource starvation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "varnish: HTTP/2 Broken Window Attack may result in denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2024-30156 represents a important severity issue due to its potential to cause widespread denial of service (DoS) across Varnish Cacher servers with HTTP/2 protocol enabled. By exploiting this vulnerability, attackers can exhaust the server\u0027s HTTP/2 connection control flow window credits, thereby halting the processing of streams and indefinitely retaining associated resources. This can lead to a complete service outage, impacting the availability and performance of web services relying on Varnish Cache. Given the prevalence of HTTP/2 adoption for its performance benefits, the vulnerability poses a significant risk to web infrastructure, necessitating immediate mitigation measures to prevent exploitation and mitigate the impact on affected systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.src::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-30156"
},
{
"category": "external",
"summary": "RHBZ#2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-30156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156"
},
{
"category": "external",
"summary": "https://varnish-cache.org/security/VSV00014.html",
"url": "https://varnish-cache.org/security/VSV00014.html"
}
],
"release_date": "2024-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-28T14:33:18+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.src::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3426"
},
{
"category": "workaround",
"details": "A possible mitigation for this issue is to disable HTTP/2 support until the package can be updated.\nThis can be performed by running the following command:\n\n~~~\nvarnishadm param.set feature -http2\n~~~\n\nNote: you must remove `h2` from the list of protocols if your TLS terminator is advertising it with ALPN.\n\nIt\u0027s also possible to use the `MAIN.sc_bankrupt` counter to monitor for possible ongoing attacks against the Varnish server.",
"product_ids": [
"AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.src::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.src::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-devel-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-docs-0:6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.6.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "varnish: HTTP/2 Broken Window Attack may result in denial of service"
}
]
}
rhsa-2024_2938
Vulnerability from csaf_redhat
Published
2024-05-21 10:05
Modified
2024-11-15 18:36
Summary
Red Hat Security Advisory: varnish:6 security update
Notes
Topic
An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in
memory so web servers don't have to create the same web page over and over
again, giving the website a significant speed up.
Security Fix(es):
* varnish:6: HTTP/2 Broken Window Attack may result in denial of service
(CVE-2024-30156)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Varnish Cache is a high-performance HTTP accelerator. It stores web pages in\nmemory so web servers don\u0027t have to create the same web page over and over\nagain, giving the website a significant speed up.\n\nSecurity Fix(es):\n\n* varnish:6: HTTP/2 Broken Window Attack may result in denial of service\n(CVE-2024-30156)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:2938",
"url": "https://access.redhat.com/errata/RHSA-2024:2938"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2938.json"
}
],
"title": "Red Hat Security Advisory: varnish:6 security update",
"tracking": {
"current_release_date": "2024-11-15T18:36:01+00:00",
"generator": {
"date": "2024-11-15T18:36:01+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2024:2938",
"initial_release_date": "2024-05-21T10:05:18+00:00",
"revision_history": [
{
"date": "2024-05-21T10:05:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-21T10:05:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T18:36:01+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_tus:8.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish:6:8040020240513125037:522a0ee4",
"product": {
"name": "varnish:6:8040020240513125037:522a0ee4",
"product_id": "varnish:6:8040020240513125037:522a0ee4",
"product_identification_helper": {
"purl": "pkg:rpmmod/redhat/varnish@6:8040020240513125037:522a0ee4"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src",
"product": {
"name": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src",
"product_id": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.6-2.module%2Bel8.4.0%2B21799%2B2c737c67.5?arch=src"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src",
"product": {
"name": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src",
"product_id": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-5.module%2Bel8.3.0%2B6843%2Bb3b42fcc?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"product": {
"name": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"product_id": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.6-2.module%2Bel8.4.0%2B21799%2B2c737c67.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"product": {
"name": "varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"product_id": "varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.6-2.module%2Bel8.4.0%2B21799%2B2c737c67.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"product": {
"name": "varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"product_id": "varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.6-2.module%2Bel8.4.0%2B21799%2B2c737c67.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"product": {
"name": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"product_id": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-5.module%2Bel8.3.0%2B6843%2Bb3b42fcc?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"product_id": "varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-5.module%2Bel8.3.0%2B6843%2Bb3b42fcc?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"product_id": "varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-5.module%2Bel8.3.0%2B6843%2Bb3b42fcc?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le",
"product": {
"name": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le",
"product_id": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.6-2.module%2Bel8.4.0%2B21799%2B2c737c67.5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le",
"product": {
"name": "varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le",
"product_id": "varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.6-2.module%2Bel8.4.0%2B21799%2B2c737c67.5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le",
"product": {
"name": "varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le",
"product_id": "varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.6-2.module%2Bel8.4.0%2B21799%2B2c737c67.5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le",
"product": {
"name": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le",
"product_id": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-5.module%2Bel8.3.0%2B6843%2Bb3b42fcc?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le",
"product_id": "varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-5.module%2Bel8.3.0%2B6843%2Bb3b42fcc?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le",
"product_id": "varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-5.module%2Bel8.3.0%2B6843%2Bb3b42fcc?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish:6:8040020240513125037:522a0ee4 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4"
},
"product_reference": "varnish:6:8040020240513125037:522a0ee4",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src as a component of varnish:6:8040020240513125037:522a0ee4 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src"
},
"product_reference": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64 as a component of varnish:6:8040020240513125037:522a0ee4 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64"
},
"product_reference": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64 as a component of varnish:6:8040020240513125037:522a0ee4 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64"
},
"product_reference": "varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64 as a component of varnish:6:8040020240513125037:522a0ee4 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64"
},
"product_reference": "varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src as a component of varnish:6:8040020240513125037:522a0ee4 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src"
},
"product_reference": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64 as a component of varnish:6:8040020240513125037:522a0ee4 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64"
},
"product_reference": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64 as a component of varnish:6:8040020240513125037:522a0ee4 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64 as a component of varnish:6:8040020240513125037:522a0ee4 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish:6:8040020240513125037:522a0ee4 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4"
},
"product_reference": "varnish:6:8040020240513125037:522a0ee4",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le as a component of varnish:6:8040020240513125037:522a0ee4 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le"
},
"product_reference": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src as a component of varnish:6:8040020240513125037:522a0ee4 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src"
},
"product_reference": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64 as a component of varnish:6:8040020240513125037:522a0ee4 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64"
},
"product_reference": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le as a component of varnish:6:8040020240513125037:522a0ee4 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le"
},
"product_reference": "varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64 as a component of varnish:6:8040020240513125037:522a0ee4 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64"
},
"product_reference": "varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le as a component of varnish:6:8040020240513125037:522a0ee4 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le"
},
"product_reference": "varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64 as a component of varnish:6:8040020240513125037:522a0ee4 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64"
},
"product_reference": "varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le as a component of varnish:6:8040020240513125037:522a0ee4 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le"
},
"product_reference": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src as a component of varnish:6:8040020240513125037:522a0ee4 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src"
},
"product_reference": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64 as a component of varnish:6:8040020240513125037:522a0ee4 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64"
},
"product_reference": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le as a component of varnish:6:8040020240513125037:522a0ee4 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64 as a component of varnish:6:8040020240513125037:522a0ee4 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le as a component of varnish:6:8040020240513125037:522a0ee4 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64 as a component of varnish:6:8040020240513125037:522a0ee4 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish:6:8040020240513125037:522a0ee4 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4"
},
"product_reference": "varnish:6:8040020240513125037:522a0ee4",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src as a component of varnish:6:8040020240513125037:522a0ee4 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src"
},
"product_reference": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64 as a component of varnish:6:8040020240513125037:522a0ee4 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64"
},
"product_reference": "varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64 as a component of varnish:6:8040020240513125037:522a0ee4 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64"
},
"product_reference": "varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64 as a component of varnish:6:8040020240513125037:522a0ee4 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64"
},
"product_reference": "varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src as a component of varnish:6:8040020240513125037:522a0ee4 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src"
},
"product_reference": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64 as a component of varnish:6:8040020240513125037:522a0ee4 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64"
},
"product_reference": "varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64 as a component of varnish:6:8040020240513125037:522a0ee4 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64 as a component of varnish:6:8040020240513125037:522a0ee4 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-30156",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271486"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Varnish cache server, with HTTP/2 support enabled, that may allow a Denial of Service type of attack. A malicious actor can cause the server to run out of credits during the HTTP/2 connection control flow. As a consequence, the server will stop properly processing the active HTTP streams while retaining the already allocated resources, leading to resource starvation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "varnish: HTTP/2 Broken Window Attack may result in denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2024-30156 represents an important severity issue due to its potential to cause widespread denial of service (DoS) across Varnish Cache servers with the HTTP/2 protocol enabled. By exploiting this vulnerability, attackers can exhaust the server\u0027s HTTP/2 connection control flow window credits, thereby halting the processing of streams and indefinitely retaining associated resources. This can lead to a complete service outage, impacting the availability and performance of web services relying on Varnish Cache. Given the prevalence of HTTP/2 adoption for its performance benefits, the vulnerability poses a significant risk to web infrastructure, necessitating immediate mitigation measures to prevent exploitation and mitigate the impact on affected systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4",
"AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src",
"AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src",
"AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4",
"AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src",
"AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src",
"AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-30156"
},
{
"category": "external",
"summary": "RHBZ#2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-30156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156"
},
{
"category": "external",
"summary": "https://varnish-cache.org/security/VSV00014.html",
"url": "https://varnish-cache.org/security/VSV00014.html"
}
],
"release_date": "2024-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-21T10:05:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4",
"AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src",
"AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src",
"AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4",
"AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src",
"AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src",
"AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2938"
},
{
"category": "workaround",
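"details": "A possible mitigation for this issue is to disable HTTP/2 support until the package can be updated.\nThis can be done by running the following command:\n\n~~~\nvarnishadm param.set feature -http2\n~~~\n\nNote: a parameter changed with `varnishadm param.set` applies only to the running varnishd instance; if HTTP/2 is enabled in the startup options (for example `-p feature=+http2`), remove it there as well so the setting persists across restarts.\n\nNote: you must also remove `h2` from the list of protocols if your TLS terminator is advertising it with ALPN.\n\nIt\u0027s also possible to use the `MAIN.sc_bankrupt` counter to monitor for possible ongoing attacks against the Varnish server.",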
"product_ids": [
"AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4",
"AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src",
"AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src",
"AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4",
"AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src",
"AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src",
"AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4",
"AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src",
"AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src",
"AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"AppStream-8.4.0.Z.AUS:varnish:6:8040020240513125037:522a0ee4:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le",
"AppStream-8.4.0.Z.E4S:varnish:6:8040020240513125037:522a0ee4:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4",
"AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.src",
"AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4:varnish-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4:varnish-devel-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4:varnish-docs-0:6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64",
"AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.src",
"AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4:varnish-modules-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4:varnish-modules-debuginfo-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64",
"AppStream-8.4.0.Z.TUS:varnish:6:8040020240513125037:522a0ee4:varnish-modules-debugsource-0:0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "varnish: HTTP/2 Broken Window Attack may result in denial of service"
}
]
}
RHSA-2024:4937
Vulnerability from csaf_redhat
Published
2024-07-31 10:18
Modified
2025-11-21 19:07
Summary
Red Hat Security Advisory: varnish:6 security update
Notes
Topic
An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.
Security Fix(es):
* varnish: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don\u0027t have to create the same web page over and over again, giving the website a significant speed up.\n\nSecurity Fix(es):\n\n* varnish: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:4937",
"url": "https://access.redhat.com/errata/RHSA-2024:4937"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4937.json"
}
],
"title": "Red Hat Security Advisory: varnish:6 security update",
"tracking": {
"current_release_date": "2025-11-21T19:07:56+00:00",
"generator": {
"date": "2025-11-21T19:07:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2024:4937",
"initial_release_date": "2024-07-31T10:18:05+00:00",
"revision_history": [
{
"date": "2024-07-31T10:18:05+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-07-31T10:18:05+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T19:07:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.2::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.src::varnish:6",
"product": {
"name": "varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.src (varnish:6)",
"product_id": "varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.src::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.6-1.module%2Bel8.2.0%2B22154%2B6b906702?arch=src\u0026rpmmod=varnish:6:8020020240528095801:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.src::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.src (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.src::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-4.module%2Bel8%2B2481%2B4078e9d2?arch=src\u0026rpmmod=varnish:6:8020020240528095801:4cda2c84"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6",
"product": {
"name": "varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64 (varnish:6)",
"product_id": "varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.6-1.module%2Bel8.2.0%2B22154%2B6b906702?arch=x86_64\u0026rpmmod=varnish:6:8020020240528095801:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6",
"product": {
"name": "varnish-devel-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64 (varnish:6)",
"product_id": "varnish-devel-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.6-1.module%2Bel8.2.0%2B22154%2B6b906702?arch=x86_64\u0026rpmmod=varnish:6:8020020240528095801:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6",
"product": {
"name": "varnish-docs-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64 (varnish:6)",
"product_id": "varnish-docs-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.6-1.module%2Bel8.2.0%2B22154%2B6b906702?arch=x86_64\u0026rpmmod=varnish:6:8020020240528095801:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64 (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-4.module%2Bel8%2B2481%2B4078e9d2?arch=x86_64\u0026rpmmod=varnish:6:8020020240528095801:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64 (varnish:6)",
"product_id": "varnish-modules-debuginfo-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-4.module%2Bel8%2B2481%2B4078e9d2?arch=x86_64\u0026rpmmod=varnish:6:8020020240528095801:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64 (varnish:6)",
"product_id": "varnish-modules-debugsource-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-4.module%2Bel8%2B2481%2B4078e9d2?arch=x86_64\u0026rpmmod=varnish:6:8020020240528095801:4cda2c84"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.src (varnish:6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.src::varnish:6"
},
"product_reference": "varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.src::varnish:6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6"
},
"product_reference": "varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:varnish-devel-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:varnish-docs-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.src (varnish:6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.src::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.src::varnish:6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:varnish-modules-debuginfo-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:varnish-modules-debugsource-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-30156",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271486"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Varnish cache server, with HTTP/2 support enabled, that may allow a Denial of Service type of attack. A malicious actor can cause the server to run out of credits during the HTTP/2 connection control flow. As a consequence, the server will stop properly processing the active HTTP streams, retaining the already allocated resources, leading to resource starvation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "varnish: HTTP/2 Broken Window Attack may result in denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2024-30156 represents an important severity issue due to its potential to cause widespread denial of service (DoS) across Varnish Cache servers with HTTP/2 protocol enabled. By exploiting this vulnerability, attackers can exhaust the server\u0027s HTTP/2 connection control flow window credits, thereby halting the processing of streams and indefinitely retaining associated resources. This can lead to a complete service outage, impacting the availability and performance of web services relying on Varnish Cache. Given the prevalence of HTTP/2 adoption for its performance benefits, the vulnerability poses a significant risk to web infrastructure, necessitating immediate mitigation measures to prevent exploitation and mitigate the impact on affected systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.src::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-devel-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-docs-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.src::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-modules-debuginfo-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-modules-debugsource-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-30156"
},
{
"category": "external",
"summary": "RHBZ#2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-30156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156"
},
{
"category": "external",
"summary": "https://varnish-cache.org/security/VSV00014.html",
"url": "https://varnish-cache.org/security/VSV00014.html"
}
],
"release_date": "2024-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-31T10:18:05+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.src::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-devel-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-docs-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.src::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-modules-debuginfo-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-modules-debugsource-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4937"
},
{
"category": "workaround",
"details": "A possible mitigation for this issue is to disable HTTP/2 support until the package can be updated.\nThis can be performed by running the following command:\n\n~~~\nvarnishadm param.set feature -http2\n~~~\n\nNote: you must remove `h2` from the list of protocols if your TLS terminator is advertising it with ALPN.\n\nIt\u0027s also possible to use the `MAIN.sc_bankrupt` counter to monitor for possible ongoing attacks on the Varnish server.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.src::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-devel-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-docs-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.src::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-modules-debuginfo-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-modules-debugsource-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.src::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-devel-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-docs-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.src::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-modules-debuginfo-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6",
"AppStream-8.2.0.Z.AUS:varnish-modules-debugsource-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64::varnish:6"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "varnish: HTTP/2 Broken Window Attack may result in denial of service"
}
]
}
rhsa-2024_1689
Vulnerability from csaf_redhat
Published
2024-04-08 08:47
Modified
2024-11-15 18:35
Summary
Red Hat Security Advisory: rh-varnish6-varnish security update
Notes
Topic
An update for rh-varnish6-varnish is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.
Security Fix(es):
* HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for rh-varnish6-varnish is now available for Red Hat Software Collections.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don\u0027t have to create the same web page over and over again, giving the website a significant speed up.\n\nSecurity Fix(es):\n\n* HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:1689",
"url": "https://access.redhat.com/errata/RHSA-2024:1689"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1689.json"
}
],
"title": "Red Hat Security Advisory: rh-varnish6-varnish security update",
"tracking": {
"current_release_date": "2024-11-15T18:35:28+00:00",
"generator": {
"date": "2024-11-15T18:35:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2024:1689",
"initial_release_date": "2024-04-08T08:47:32+00:00",
"revision_history": [
{
"date": "2024-04-08T08:47:32+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-04-08T08:47:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T18:35:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Software Collections for RHEL Workstation(v. 7)",
"product": {
"name": "Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for RHEL(v. 7)",
"product": {
"name": "Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Software Collections"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.src",
"product": {
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.src",
"product_id": "rh-varnish6-varnish-0:6.0.13-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish@6.0.13-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.src",
"product": {
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.src",
"product_id": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-modules@0.15.0-8.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.x86_64",
"product": {
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.x86_64",
"product_id": "rh-varnish6-varnish-0:6.0.13-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish@6.0.13-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64",
"product": {
"name": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64",
"product_id": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-devel@6.0.13-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64",
"product": {
"name": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64",
"product_id": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-docs@6.0.13-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64",
"product": {
"name": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64",
"product_id": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-libs@6.0.13-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64",
"product": {
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64",
"product_id": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-modules@0.15.0-8.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64",
"product": {
"name": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64",
"product_id": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-modules-debuginfo@0.15.0-8.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le",
"product": {
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le",
"product_id": "rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish@6.0.13-1.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le",
"product": {
"name": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le",
"product_id": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-devel@6.0.13-1.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le",
"product": {
"name": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le",
"product_id": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-docs@6.0.13-1.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le",
"product": {
"name": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le",
"product_id": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-libs@6.0.13-1.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le",
"product": {
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le",
"product_id": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-modules@0.15.0-8.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le",
"product": {
"name": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le",
"product_id": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-modules-debuginfo@0.15.0-8.el7?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.s390x",
"product": {
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.s390x",
"product_id": "rh-varnish6-varnish-0:6.0.13-1.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish@6.0.13-1.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x",
"product": {
"name": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x",
"product_id": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-devel@6.0.13-1.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x",
"product": {
"name": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x",
"product_id": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-docs@6.0.13-1.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x",
"product": {
"name": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x",
"product_id": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-libs@6.0.13-1.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x",
"product": {
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x",
"product_id": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-modules@0.15.0-8.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x",
"product": {
"name": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x",
"product_id": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-varnish6-varnish-modules-debuginfo@0.15.0-8.el7?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le"
},
"product_reference": "rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.s390x"
},
"product_reference": "rh-varnish6-varnish-0:6.0.13-1.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.src as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.src"
},
"product_reference": "rh-varnish6-varnish-0:6.0.13-1.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.x86_64"
},
"product_reference": "rh-varnish6-varnish-0:6.0.13-1.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le"
},
"product_reference": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x"
},
"product_reference": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64"
},
"product_reference": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le"
},
"product_reference": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x"
},
"product_reference": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64"
},
"product_reference": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le"
},
"product_reference": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x"
},
"product_reference": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64"
},
"product_reference": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le"
},
"product_reference": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x"
},
"product_reference": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.src as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.src"
},
"product_reference": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64"
},
"product_reference": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le"
},
"product_reference": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x"
},
"product_reference": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)",
"product_id": "7Server-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64"
},
"product_reference": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le"
},
"product_reference": "rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.s390x"
},
"product_reference": "rh-varnish6-varnish-0:6.0.13-1.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.src as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.src"
},
"product_reference": "rh-varnish6-varnish-0:6.0.13-1.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-0:6.0.13-1.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.x86_64"
},
"product_reference": "rh-varnish6-varnish-0:6.0.13-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le"
},
"product_reference": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x"
},
"product_reference": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64"
},
"product_reference": "rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le"
},
"product_reference": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x"
},
"product_reference": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64"
},
"product_reference": "rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le"
},
"product_reference": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x"
},
"product_reference": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64"
},
"product_reference": "rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le"
},
"product_reference": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x"
},
"product_reference": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.src as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.src"
},
"product_reference": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64"
},
"product_reference": "rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le"
},
"product_reference": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x"
},
"product_reference": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)",
"product_id": "7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64"
},
"product_reference": "rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.8"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-30156",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271486"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Varnish cache server, with HTTP/2 support enabled, that may allow a Denial of Service type of attack. A malicious actor can cause the server to run out of credits during the HTTP/2 connection control flow. As a consequence, the server will stop properly processing the active HTTP streams while retaining the already allocated resources, leading to resource starvation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "varnish: HTTP/2 Broken Window Attack may result in denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2024-30156 represents an important severity issue due to its potential to cause widespread denial of service (DoS) across Varnish Cache servers with the HTTP/2 protocol enabled. By exploiting this vulnerability, attackers can exhaust the server\u0027s HTTP/2 connection control flow window credits, thereby halting the processing of streams and indefinitely retaining associated resources. This can lead to a complete service outage, impacting the availability and performance of web services relying on Varnish Cache. Given the prevalence of HTTP/2 adoption for its performance benefits, the vulnerability poses a significant risk to web infrastructure, necessitating immediate mitigation measures to prevent exploitation and mitigate the impact on affected systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.src",
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.src",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.src",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.src",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-30156"
},
{
"category": "external",
"summary": "RHBZ#2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-30156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156"
},
{
"category": "external",
"summary": "https://varnish-cache.org/security/VSV00014.html",
"url": "https://varnish-cache.org/security/VSV00014.html"
}
],
"release_date": "2024-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-08T08:47:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.src",
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.src",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.src",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.src",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1689"
},
{
"category": "workaround",
"details": "A possible mitigation for this issue is to disable HTTP/2 support until the package can be updated.\nThis can be performed by running the following command:\n\n~~~\nvarnishadm param.set feature -http2\n~~~\n\nNote: you must remove `h2` from the list of protocols if your TLS terminator is advertising it with ALPN.\n\nIt\u0027s also possible to use the `MAIN.sc_bankrupt` counter to monitor for possible ongoing attacks against the Varnish server.",
"product_ids": [
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.src",
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.src",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.src",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.src",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.src",
"7Server-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.src",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x",
"7Server-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.src",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-devel-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-docs-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-libs-0:6.0.13-1.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.src",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-0:0.15.0-8.el7.x86_64",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.ppc64le",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.s390x",
"7Workstation-RHSCL-3.8:rh-varnish6-varnish-modules-debuginfo-0:0.15.0-8.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "varnish: HTTP/2 Broken Window Attack may result in denial of service"
}
]
}
RHSA-2024:2700
Vulnerability from csaf_redhat
Published
2024-05-06 06:48
Modified
2025-11-21 19:00
Summary
Red Hat Security Advisory: varnish security update
Notes
Topic
An update for varnish is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.
Security Fix(es):
* varnish: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for varnish is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don\u0027t have to create the same web page over and over again, giving the website a significant speed up.\n\nSecurity Fix(es):\n\n* varnish: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:2700",
"url": "https://access.redhat.com/errata/RHSA-2024:2700"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2700.json"
}
],
"title": "Red Hat Security Advisory: varnish security update",
"tracking": {
"current_release_date": "2025-11-21T19:00:40+00:00",
"generator": {
"date": "2025-11-21T19:00:40+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2024:2700",
"initial_release_date": "2024-05-06T06:48:37+00:00",
"revision_history": [
{
"date": "2024-05-06T06:48:37+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-06T06:48:37+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T19:00:40+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.0::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product": {
"name": "Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.0::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.6.2-2.el9_0.3.src",
"product": {
"name": "varnish-0:6.6.2-2.el9_0.3.src",
"product_id": "varnish-0:6.6.2-2.el9_0.3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-2.el9_0.3?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.6.2-2.el9_0.3.aarch64",
"product": {
"name": "varnish-0:6.6.2-2.el9_0.3.aarch64",
"product_id": "varnish-0:6.6.2-2.el9_0.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-2.el9_0.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.6.2-2.el9_0.3.aarch64",
"product": {
"name": "varnish-docs-0:6.6.2-2.el9_0.3.aarch64",
"product_id": "varnish-docs-0:6.6.2-2.el9_0.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.6.2-2.el9_0.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.6.2-2.el9_0.3.aarch64",
"product": {
"name": "varnish-devel-0:6.6.2-2.el9_0.3.aarch64",
"product_id": "varnish-devel-0:6.6.2-2.el9_0.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.6.2-2.el9_0.3?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.6.2-2.el9_0.3.ppc64le",
"product": {
"name": "varnish-0:6.6.2-2.el9_0.3.ppc64le",
"product_id": "varnish-0:6.6.2-2.el9_0.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-2.el9_0.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.6.2-2.el9_0.3.ppc64le",
"product": {
"name": "varnish-docs-0:6.6.2-2.el9_0.3.ppc64le",
"product_id": "varnish-docs-0:6.6.2-2.el9_0.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.6.2-2.el9_0.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.6.2-2.el9_0.3.ppc64le",
"product": {
"name": "varnish-devel-0:6.6.2-2.el9_0.3.ppc64le",
"product_id": "varnish-devel-0:6.6.2-2.el9_0.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.6.2-2.el9_0.3?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.6.2-2.el9_0.3.i686",
"product": {
"name": "varnish-0:6.6.2-2.el9_0.3.i686",
"product_id": "varnish-0:6.6.2-2.el9_0.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-2.el9_0.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.6.2-2.el9_0.3.i686",
"product": {
"name": "varnish-devel-0:6.6.2-2.el9_0.3.i686",
"product_id": "varnish-devel-0:6.6.2-2.el9_0.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.6.2-2.el9_0.3?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.6.2-2.el9_0.3.x86_64",
"product": {
"name": "varnish-0:6.6.2-2.el9_0.3.x86_64",
"product_id": "varnish-0:6.6.2-2.el9_0.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-2.el9_0.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.6.2-2.el9_0.3.x86_64",
"product": {
"name": "varnish-docs-0:6.6.2-2.el9_0.3.x86_64",
"product_id": "varnish-docs-0:6.6.2-2.el9_0.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.6.2-2.el9_0.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.6.2-2.el9_0.3.x86_64",
"product": {
"name": "varnish-devel-0:6.6.2-2.el9_0.3.x86_64",
"product_id": "varnish-devel-0:6.6.2-2.el9_0.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.6.2-2.el9_0.3?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.6.2-2.el9_0.3.s390x",
"product": {
"name": "varnish-0:6.6.2-2.el9_0.3.s390x",
"product_id": "varnish-0:6.6.2-2.el9_0.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-2.el9_0.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.6.2-2.el9_0.3.s390x",
"product": {
"name": "varnish-docs-0:6.6.2-2.el9_0.3.s390x",
"product_id": "varnish-docs-0:6.6.2-2.el9_0.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.6.2-2.el9_0.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.6.2-2.el9_0.3.s390x",
"product": {
"name": "varnish-devel-0:6.6.2-2.el9_0.3.s390x",
"product_id": "varnish-devel-0:6.6.2-2.el9_0.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.6.2-2.el9_0.3?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-2.el9_0.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.aarch64"
},
"product_reference": "varnish-0:6.6.2-2.el9_0.3.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-2.el9_0.3.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.i686"
},
"product_reference": "varnish-0:6.6.2-2.el9_0.3.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-2.el9_0.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.ppc64le"
},
"product_reference": "varnish-0:6.6.2-2.el9_0.3.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-2.el9_0.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.s390x"
},
"product_reference": "varnish-0:6.6.2-2.el9_0.3.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-2.el9_0.3.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.src"
},
"product_reference": "varnish-0:6.6.2-2.el9_0.3.src",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-2.el9_0.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.x86_64"
},
"product_reference": "varnish-0:6.6.2-2.el9_0.3.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-2.el9_0.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.aarch64"
},
"product_reference": "varnish-devel-0:6.6.2-2.el9_0.3.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-2.el9_0.3.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.i686"
},
"product_reference": "varnish-devel-0:6.6.2-2.el9_0.3.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-2.el9_0.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.ppc64le"
},
"product_reference": "varnish-devel-0:6.6.2-2.el9_0.3.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-2.el9_0.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.s390x"
},
"product_reference": "varnish-devel-0:6.6.2-2.el9_0.3.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-2.el9_0.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.x86_64"
},
"product_reference": "varnish-devel-0:6.6.2-2.el9_0.3.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-2.el9_0.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.aarch64"
},
"product_reference": "varnish-docs-0:6.6.2-2.el9_0.3.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-2.el9_0.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.ppc64le"
},
"product_reference": "varnish-docs-0:6.6.2-2.el9_0.3.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-2.el9_0.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.s390x"
},
"product_reference": "varnish-docs-0:6.6.2-2.el9_0.3.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-2.el9_0.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.x86_64"
},
"product_reference": "varnish-docs-0:6.6.2-2.el9_0.3.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-2.el9_0.3.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.aarch64"
},
"product_reference": "varnish-0:6.6.2-2.el9_0.3.aarch64",
"relates_to_product_reference": "CRB-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-2.el9_0.3.i686 as a component of Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.i686"
},
"product_reference": "varnish-0:6.6.2-2.el9_0.3.i686",
"relates_to_product_reference": "CRB-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-2.el9_0.3.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.ppc64le"
},
"product_reference": "varnish-0:6.6.2-2.el9_0.3.ppc64le",
"relates_to_product_reference": "CRB-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-2.el9_0.3.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.s390x"
},
"product_reference": "varnish-0:6.6.2-2.el9_0.3.s390x",
"relates_to_product_reference": "CRB-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-2.el9_0.3.src as a component of Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.src"
},
"product_reference": "varnish-0:6.6.2-2.el9_0.3.src",
"relates_to_product_reference": "CRB-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-2.el9_0.3.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.x86_64"
},
"product_reference": "varnish-0:6.6.2-2.el9_0.3.x86_64",
"relates_to_product_reference": "CRB-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-2.el9_0.3.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.aarch64"
},
"product_reference": "varnish-devel-0:6.6.2-2.el9_0.3.aarch64",
"relates_to_product_reference": "CRB-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-2.el9_0.3.i686 as a component of Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.i686"
},
"product_reference": "varnish-devel-0:6.6.2-2.el9_0.3.i686",
"relates_to_product_reference": "CRB-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-2.el9_0.3.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.ppc64le"
},
"product_reference": "varnish-devel-0:6.6.2-2.el9_0.3.ppc64le",
"relates_to_product_reference": "CRB-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-2.el9_0.3.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.s390x"
},
"product_reference": "varnish-devel-0:6.6.2-2.el9_0.3.s390x",
"relates_to_product_reference": "CRB-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-2.el9_0.3.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.x86_64"
},
"product_reference": "varnish-devel-0:6.6.2-2.el9_0.3.x86_64",
"relates_to_product_reference": "CRB-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-2.el9_0.3.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.aarch64"
},
"product_reference": "varnish-docs-0:6.6.2-2.el9_0.3.aarch64",
"relates_to_product_reference": "CRB-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-2.el9_0.3.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.ppc64le"
},
"product_reference": "varnish-docs-0:6.6.2-2.el9_0.3.ppc64le",
"relates_to_product_reference": "CRB-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-2.el9_0.3.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.s390x"
},
"product_reference": "varnish-docs-0:6.6.2-2.el9_0.3.s390x",
"relates_to_product_reference": "CRB-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-2.el9_0.3.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.x86_64"
},
"product_reference": "varnish-docs-0:6.6.2-2.el9_0.3.x86_64",
"relates_to_product_reference": "CRB-9.0.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-30156",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271486"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Varnish cache server, with HTTP/2 support enabled, that may allow a Denial of Service type of attack. A malicious actor can cause the server to run out of credits in the HTTP/2 connection flow-control window. As a consequence, the server stops processing the active HTTP streams properly while retaining the resources already allocated to them, leading to resource starvation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "varnish: HTTP/2 Broken Window Attack may result in denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2024-30156 represents an important severity issue due to its potential to cause widespread denial of service (DoS) across Varnish Cache servers with the HTTP/2 protocol enabled. By exploiting this vulnerability, attackers can exhaust the server\u0027s HTTP/2 connection control flow window credits, thereby halting the processing of streams and indefinitely retaining associated resources. This can lead to a complete service outage, impacting the availability and performance of web services relying on Varnish Cache. Given the prevalence of HTTP/2 adoption for its performance benefits, the vulnerability poses a significant risk to web infrastructure, necessitating immediate mitigation measures to prevent exploitation and mitigate the impact on affected systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.aarch64",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.i686",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.s390x",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.src",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.x86_64",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.aarch64",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.i686",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.s390x",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.x86_64",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.aarch64",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.s390x",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.x86_64",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.aarch64",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.i686",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.ppc64le",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.s390x",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.src",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.x86_64",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.aarch64",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.i686",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.ppc64le",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.s390x",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.x86_64",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.aarch64",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.ppc64le",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.s390x",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-30156"
},
{
"category": "external",
"summary": "RHBZ#2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-30156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156"
},
{
"category": "external",
"summary": "https://varnish-cache.org/security/VSV00014.html",
"url": "https://varnish-cache.org/security/VSV00014.html"
}
],
"release_date": "2024-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-06T06:48:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.aarch64",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.i686",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.s390x",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.src",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.x86_64",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.aarch64",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.i686",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.s390x",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.x86_64",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.aarch64",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.s390x",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.x86_64",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.aarch64",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.i686",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.ppc64le",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.s390x",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.src",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.x86_64",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.aarch64",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.i686",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.ppc64le",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.s390x",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.x86_64",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.aarch64",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.ppc64le",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.s390x",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2700"
},
{
"category": "workaround",
"details": "A possible mitigation for this issue is to disable http2 support until the package can be updated.\nThis can be performed by running the following command:\n\n~~~\nvarnishadm param.set feature -http2\n~~~\n\nNote: you must also remove `h2` from the list of protocols if your TLS terminator is advertising it with ALPN. A value set with `varnishadm param.set` applies only to the running varnishd process, so also remove any startup option that enables http2; otherwise the mitigation is lost on restart.\n\nIt\u0027s also possible to use the `MAIN.sc_bankrupt` counter to monitor for possible ongoing attacks against the Varnish server.",
"product_ids": [
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.aarch64",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.i686",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.s390x",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.src",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.x86_64",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.aarch64",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.i686",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.s390x",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.x86_64",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.aarch64",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.s390x",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.x86_64",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.aarch64",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.i686",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.ppc64le",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.s390x",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.src",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.x86_64",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.aarch64",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.i686",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.ppc64le",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.s390x",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.x86_64",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.aarch64",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.ppc64le",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.s390x",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.aarch64",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.i686",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.s390x",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.src",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.x86_64",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.aarch64",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.i686",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.s390x",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.x86_64",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.aarch64",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.s390x",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.x86_64",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.aarch64",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.i686",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.ppc64le",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.s390x",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.src",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.x86_64",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.aarch64",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.i686",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.ppc64le",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.s390x",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.x86_64",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.aarch64",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.ppc64le",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.s390x",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "varnish: HTTP/2 Broken Window Attack may result in denial of service"
}
]
}
rhsa-2024_4937
Vulnerability from csaf_redhat
Published
2024-07-31 10:18
Modified
2024-11-15 18:37
Summary
Red Hat Security Advisory: varnish:6 security update
Notes
Topic
An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.
Security Fix(es):
* varnish: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don\u0027t have to create the same web page over and over again, giving the website a significant speed up.\n\nSecurity Fix(es):\n\n* varnish: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:4937",
"url": "https://access.redhat.com/errata/RHSA-2024:4937"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4937.json"
}
],
"title": "Red Hat Security Advisory: varnish:6 security update",
"tracking": {
"current_release_date": "2024-11-15T18:37:48+00:00",
"generator": {
"date": "2024-11-15T18:37:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2024:4937",
"initial_release_date": "2024-07-31T10:18:05+00:00",
"revision_history": [
{
"date": "2024-07-31T10:18:05+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-07-31T10:18:05+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T18:37:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.2::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish:6:8020020240528095801:4cda2c84",
"product": {
"name": "varnish:6:8020020240528095801:4cda2c84",
"product_id": "varnish:6:8020020240528095801:4cda2c84",
"product_identification_helper": {
"purl": "pkg:rpmmod/redhat/varnish@6:8020020240528095801:4cda2c84"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.src",
"product": {
"name": "varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.src",
"product_id": "varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.6-1.module%2Bel8.2.0%2B22154%2B6b906702?arch=src"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.src",
"product": {
"name": "varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.src",
"product_id": "varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-4.module%2Bel8%2B2481%2B4078e9d2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64",
"product": {
"name": "varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64",
"product_id": "varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.6-1.module%2Bel8.2.0%2B22154%2B6b906702?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64",
"product": {
"name": "varnish-devel-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64",
"product_id": "varnish-devel-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.6-1.module%2Bel8.2.0%2B22154%2B6b906702?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64",
"product": {
"name": "varnish-docs-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64",
"product_id": "varnish-docs-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.6-1.module%2Bel8.2.0%2B22154%2B6b906702?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64",
"product": {
"name": "varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64",
"product_id": "varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-4.module%2Bel8%2B2481%2B4078e9d2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64",
"product_id": "varnish-modules-debuginfo-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-4.module%2Bel8%2B2481%2B4078e9d2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64",
"product_id": "varnish-modules-debugsource-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-4.module%2Bel8%2B2481%2B4078e9d2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish:6:8020020240528095801:4cda2c84 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84"
},
"product_reference": "varnish:6:8020020240528095801:4cda2c84",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.src as a component of varnish:6:8020020240528095801:4cda2c84 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84:varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.src"
},
"product_reference": "varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.src",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64 as a component of varnish:6:8020020240528095801:4cda2c84 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84:varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64"
},
"product_reference": "varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64 as a component of varnish:6:8020020240528095801:4cda2c84 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84:varnish-devel-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64"
},
"product_reference": "varnish-devel-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64 as a component of varnish:6:8020020240528095801:4cda2c84 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84:varnish-docs-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64"
},
"product_reference": "varnish-docs-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.src as a component of varnish:6:8020020240528095801:4cda2c84 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84:varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.src"
},
"product_reference": "varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.src",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64 as a component of varnish:6:8020020240528095801:4cda2c84 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84:varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64"
},
"product_reference": "varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64 as a component of varnish:6:8020020240528095801:4cda2c84 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84:varnish-modules-debuginfo-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64 as a component of varnish:6:8020020240528095801:4cda2c84 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84:varnish-modules-debugsource-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-30156",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271486"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Varnish cache server, with HTTP/2 support enabled, that may allow a Denial of Service type of attack. A malicious actor can cause the server to run out of credits during the HTTP/2 connection control flow. As a consequence, the server will stop to properly process the active HTTP streams, retaining the already allocated resources, leading to resource starvation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "varnish: HTTP/2 Broken Window Attack may result in denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2024-30156 represents a important severity issue due to its potential to cause widespread denial of service (DoS) across Varnish Cacher servers with HTTP/2 protocol enabled. By exploiting this vulnerability, attackers can exhaust the server\u0027s HTTP/2 connection control flow window credits, thereby halting the processing of streams and indefinitely retaining associated resources. This can lead to a complete service outage, impacting the availability and performance of web services relying on Varnish Cache. Given the prevalence of HTTP/2 adoption for its performance benefits, the vulnerability poses a significant risk to web infrastructure, necessitating immediate mitigation measures to prevent exploitation and mitigate the impact on affected systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84",
"AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84:varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.src",
"AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84:varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64",
"AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84:varnish-devel-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64",
"AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84:varnish-docs-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64",
"AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84:varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.src",
"AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84:varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64",
"AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84:varnish-modules-debuginfo-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64",
"AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84:varnish-modules-debugsource-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-30156"
},
{
"category": "external",
"summary": "RHBZ#2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-30156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156"
},
{
"category": "external",
"summary": "https://varnish-cache.org/security/VSV00014.html",
"url": "https://varnish-cache.org/security/VSV00014.html"
}
],
"release_date": "2024-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-31T10:18:05+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84",
"AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84:varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.src",
"AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84:varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64",
"AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84:varnish-devel-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64",
"AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84:varnish-docs-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64",
"AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84:varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.src",
"AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84:varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64",
"AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84:varnish-modules-debuginfo-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64",
"AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84:varnish-modules-debugsource-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4937"
},
{
"category": "workaround",
"details": "A possible mitigation for this issue is to disable http2 support until the package can be updated.\nThis can be performed by running the following command:\n\n~~~\nvarnishadm param.set feature -http2\n~~~\n\nNote: you must remove `h2` from the list of protocols if your TLS terminator is advertising it with ALPN.\n\nIt\u0027s also possible to use the `MAIN.sc_bankrupt` counter to monitor possible on-going attacks to the varnish server.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84",
"AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84:varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.src",
"AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84:varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64",
"AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84:varnish-devel-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64",
"AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84:varnish-docs-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64",
"AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84:varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.src",
"AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84:varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64",
"AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84:varnish-modules-debuginfo-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64",
"AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84:varnish-modules-debugsource-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84",
"AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84:varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.src",
"AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84:varnish-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64",
"AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84:varnish-devel-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64",
"AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84:varnish-docs-0:6.0.6-1.module+el8.2.0+22154+6b906702.x86_64",
"AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84:varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.src",
"AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84:varnish-modules-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64",
"AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84:varnish-modules-debuginfo-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64",
"AppStream-8.2.0.Z.AUS:varnish:6:8020020240528095801:4cda2c84:varnish-modules-debugsource-0:0.15.0-4.module+el8+2481+4078e9d2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "varnish: HTTP/2 Broken Window Attack may result in denial of service"
}
]
}
rhsa-2024:2700
Vulnerability from csaf_redhat
Published
2024-05-06 06:48
Modified
2025-11-21 19:00
Summary
Red Hat Security Advisory: varnish security update
Notes
Topic
An update for varnish is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.
Security Fix(es):
* varnish: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for varnish is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don\u0027t have to create the same web page over and over again, giving the website a significant speed up.\n\nSecurity Fix(es):\n\n* varnish: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:2700",
"url": "https://access.redhat.com/errata/RHSA-2024:2700"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2700.json"
}
],
"title": "Red Hat Security Advisory: varnish security update",
"tracking": {
"current_release_date": "2025-11-21T19:00:40+00:00",
"generator": {
"date": "2025-11-21T19:00:40+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2024:2700",
"initial_release_date": "2024-05-06T06:48:37+00:00",
"revision_history": [
{
"date": "2024-05-06T06:48:37+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-06T06:48:37+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T19:00:40+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.0::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product": {
"name": "Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.0::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.6.2-2.el9_0.3.src",
"product": {
"name": "varnish-0:6.6.2-2.el9_0.3.src",
"product_id": "varnish-0:6.6.2-2.el9_0.3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-2.el9_0.3?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.6.2-2.el9_0.3.aarch64",
"product": {
"name": "varnish-0:6.6.2-2.el9_0.3.aarch64",
"product_id": "varnish-0:6.6.2-2.el9_0.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-2.el9_0.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.6.2-2.el9_0.3.aarch64",
"product": {
"name": "varnish-docs-0:6.6.2-2.el9_0.3.aarch64",
"product_id": "varnish-docs-0:6.6.2-2.el9_0.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.6.2-2.el9_0.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.6.2-2.el9_0.3.aarch64",
"product": {
"name": "varnish-devel-0:6.6.2-2.el9_0.3.aarch64",
"product_id": "varnish-devel-0:6.6.2-2.el9_0.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.6.2-2.el9_0.3?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.6.2-2.el9_0.3.ppc64le",
"product": {
"name": "varnish-0:6.6.2-2.el9_0.3.ppc64le",
"product_id": "varnish-0:6.6.2-2.el9_0.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-2.el9_0.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.6.2-2.el9_0.3.ppc64le",
"product": {
"name": "varnish-docs-0:6.6.2-2.el9_0.3.ppc64le",
"product_id": "varnish-docs-0:6.6.2-2.el9_0.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.6.2-2.el9_0.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.6.2-2.el9_0.3.ppc64le",
"product": {
"name": "varnish-devel-0:6.6.2-2.el9_0.3.ppc64le",
"product_id": "varnish-devel-0:6.6.2-2.el9_0.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.6.2-2.el9_0.3?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.6.2-2.el9_0.3.i686",
"product": {
"name": "varnish-0:6.6.2-2.el9_0.3.i686",
"product_id": "varnish-0:6.6.2-2.el9_0.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-2.el9_0.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.6.2-2.el9_0.3.i686",
"product": {
"name": "varnish-devel-0:6.6.2-2.el9_0.3.i686",
"product_id": "varnish-devel-0:6.6.2-2.el9_0.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.6.2-2.el9_0.3?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.6.2-2.el9_0.3.x86_64",
"product": {
"name": "varnish-0:6.6.2-2.el9_0.3.x86_64",
"product_id": "varnish-0:6.6.2-2.el9_0.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-2.el9_0.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.6.2-2.el9_0.3.x86_64",
"product": {
"name": "varnish-docs-0:6.6.2-2.el9_0.3.x86_64",
"product_id": "varnish-docs-0:6.6.2-2.el9_0.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.6.2-2.el9_0.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.6.2-2.el9_0.3.x86_64",
"product": {
"name": "varnish-devel-0:6.6.2-2.el9_0.3.x86_64",
"product_id": "varnish-devel-0:6.6.2-2.el9_0.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.6.2-2.el9_0.3?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.6.2-2.el9_0.3.s390x",
"product": {
"name": "varnish-0:6.6.2-2.el9_0.3.s390x",
"product_id": "varnish-0:6.6.2-2.el9_0.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-2.el9_0.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.6.2-2.el9_0.3.s390x",
"product": {
"name": "varnish-docs-0:6.6.2-2.el9_0.3.s390x",
"product_id": "varnish-docs-0:6.6.2-2.el9_0.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.6.2-2.el9_0.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.6.2-2.el9_0.3.s390x",
"product": {
"name": "varnish-devel-0:6.6.2-2.el9_0.3.s390x",
"product_id": "varnish-devel-0:6.6.2-2.el9_0.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.6.2-2.el9_0.3?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-2.el9_0.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.aarch64"
},
"product_reference": "varnish-0:6.6.2-2.el9_0.3.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-2.el9_0.3.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.i686"
},
"product_reference": "varnish-0:6.6.2-2.el9_0.3.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-2.el9_0.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.ppc64le"
},
"product_reference": "varnish-0:6.6.2-2.el9_0.3.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-2.el9_0.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.s390x"
},
"product_reference": "varnish-0:6.6.2-2.el9_0.3.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-2.el9_0.3.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.src"
},
"product_reference": "varnish-0:6.6.2-2.el9_0.3.src",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-2.el9_0.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.x86_64"
},
"product_reference": "varnish-0:6.6.2-2.el9_0.3.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-2.el9_0.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.aarch64"
},
"product_reference": "varnish-devel-0:6.6.2-2.el9_0.3.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-2.el9_0.3.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.i686"
},
"product_reference": "varnish-devel-0:6.6.2-2.el9_0.3.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-2.el9_0.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.ppc64le"
},
"product_reference": "varnish-devel-0:6.6.2-2.el9_0.3.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-2.el9_0.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.s390x"
},
"product_reference": "varnish-devel-0:6.6.2-2.el9_0.3.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-2.el9_0.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.x86_64"
},
"product_reference": "varnish-devel-0:6.6.2-2.el9_0.3.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-2.el9_0.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.aarch64"
},
"product_reference": "varnish-docs-0:6.6.2-2.el9_0.3.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-2.el9_0.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.ppc64le"
},
"product_reference": "varnish-docs-0:6.6.2-2.el9_0.3.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-2.el9_0.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.s390x"
},
"product_reference": "varnish-docs-0:6.6.2-2.el9_0.3.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-2.el9_0.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.x86_64"
},
"product_reference": "varnish-docs-0:6.6.2-2.el9_0.3.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-2.el9_0.3.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.aarch64"
},
"product_reference": "varnish-0:6.6.2-2.el9_0.3.aarch64",
"relates_to_product_reference": "CRB-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-2.el9_0.3.i686 as a component of Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.i686"
},
"product_reference": "varnish-0:6.6.2-2.el9_0.3.i686",
"relates_to_product_reference": "CRB-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-2.el9_0.3.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.ppc64le"
},
"product_reference": "varnish-0:6.6.2-2.el9_0.3.ppc64le",
"relates_to_product_reference": "CRB-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-2.el9_0.3.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.s390x"
},
"product_reference": "varnish-0:6.6.2-2.el9_0.3.s390x",
"relates_to_product_reference": "CRB-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-2.el9_0.3.src as a component of Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.src"
},
"product_reference": "varnish-0:6.6.2-2.el9_0.3.src",
"relates_to_product_reference": "CRB-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-2.el9_0.3.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.x86_64"
},
"product_reference": "varnish-0:6.6.2-2.el9_0.3.x86_64",
"relates_to_product_reference": "CRB-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-2.el9_0.3.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.aarch64"
},
"product_reference": "varnish-devel-0:6.6.2-2.el9_0.3.aarch64",
"relates_to_product_reference": "CRB-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-2.el9_0.3.i686 as a component of Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.i686"
},
"product_reference": "varnish-devel-0:6.6.2-2.el9_0.3.i686",
"relates_to_product_reference": "CRB-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-2.el9_0.3.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.ppc64le"
},
"product_reference": "varnish-devel-0:6.6.2-2.el9_0.3.ppc64le",
"relates_to_product_reference": "CRB-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-2.el9_0.3.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.s390x"
},
"product_reference": "varnish-devel-0:6.6.2-2.el9_0.3.s390x",
"relates_to_product_reference": "CRB-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-2.el9_0.3.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.x86_64"
},
"product_reference": "varnish-devel-0:6.6.2-2.el9_0.3.x86_64",
"relates_to_product_reference": "CRB-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-2.el9_0.3.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.aarch64"
},
"product_reference": "varnish-docs-0:6.6.2-2.el9_0.3.aarch64",
"relates_to_product_reference": "CRB-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-2.el9_0.3.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.ppc64le"
},
"product_reference": "varnish-docs-0:6.6.2-2.el9_0.3.ppc64le",
"relates_to_product_reference": "CRB-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-2.el9_0.3.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.s390x"
},
"product_reference": "varnish-docs-0:6.6.2-2.el9_0.3.s390x",
"relates_to_product_reference": "CRB-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-2.el9_0.3.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.0)",
"product_id": "CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.x86_64"
},
"product_reference": "varnish-docs-0:6.6.2-2.el9_0.3.x86_64",
"relates_to_product_reference": "CRB-9.0.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-30156",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271486"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Varnish cache server, with HTTP/2 support enabled, that may allow a Denial of Service type of attack. A malicious actor can cause the server to run out of credits during the HTTP/2 connection control flow. As a consequence, the server will stop properly processing the active HTTP streams while retaining the already allocated resources, leading to resource starvation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "varnish: HTTP/2 Broken Window Attack may result in denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2024-30156 represents an important severity issue due to its potential to cause widespread denial of service (DoS) across Varnish Cache servers with the HTTP/2 protocol enabled. By exploiting this vulnerability, attackers can exhaust the server\u0027s HTTP/2 connection control flow window credits, thereby halting the processing of streams and indefinitely retaining associated resources. This can lead to a complete service outage, impacting the availability and performance of web services relying on Varnish Cache. Given the prevalence of HTTP/2 adoption for its performance benefits, the vulnerability poses a significant risk to web infrastructure, necessitating immediate mitigation measures to prevent exploitation and mitigate the impact on affected systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.aarch64",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.i686",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.s390x",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.src",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.x86_64",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.aarch64",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.i686",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.s390x",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.x86_64",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.aarch64",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.s390x",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.x86_64",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.aarch64",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.i686",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.ppc64le",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.s390x",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.src",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.x86_64",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.aarch64",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.i686",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.ppc64le",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.s390x",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.x86_64",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.aarch64",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.ppc64le",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.s390x",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-30156"
},
{
"category": "external",
"summary": "RHBZ#2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-30156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156"
},
{
"category": "external",
"summary": "https://varnish-cache.org/security/VSV00014.html",
"url": "https://varnish-cache.org/security/VSV00014.html"
}
],
"release_date": "2024-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-06T06:48:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.aarch64",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.i686",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.s390x",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.src",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.x86_64",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.aarch64",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.i686",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.s390x",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.x86_64",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.aarch64",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.s390x",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.x86_64",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.aarch64",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.i686",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.ppc64le",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.s390x",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.src",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.x86_64",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.aarch64",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.i686",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.ppc64le",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.s390x",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.x86_64",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.aarch64",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.ppc64le",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.s390x",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2700"
},
{
"category": "workaround",
"details": "A possible mitigation for this issue is to disable http2 support until the package can be updated.\nThis can be performed by running the following command:\n\n~~~\nvarnishadm param.set feature -http2\n~~~\n\nNote: you must remove `h2` from the list of protocols if your TLS terminator is advertising it with ALPN.\n\nIt\u0027s also possible to use the `MAIN.sc_bankrupt` counter to monitor possible on-going attacks to the varnish server.",
"product_ids": [
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.aarch64",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.i686",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.s390x",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.src",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.x86_64",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.aarch64",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.i686",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.s390x",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.x86_64",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.aarch64",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.s390x",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.x86_64",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.aarch64",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.i686",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.ppc64le",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.s390x",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.src",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.x86_64",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.aarch64",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.i686",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.ppc64le",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.s390x",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.x86_64",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.aarch64",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.ppc64le",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.s390x",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.aarch64",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.i686",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.s390x",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.src",
"AppStream-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.x86_64",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.aarch64",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.i686",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.s390x",
"AppStream-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.x86_64",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.aarch64",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.s390x",
"AppStream-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.x86_64",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.aarch64",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.i686",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.ppc64le",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.s390x",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.src",
"CRB-9.0.0.Z.EUS:varnish-0:6.6.2-2.el9_0.3.x86_64",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.aarch64",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.i686",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.ppc64le",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.s390x",
"CRB-9.0.0.Z.EUS:varnish-devel-0:6.6.2-2.el9_0.3.x86_64",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.aarch64",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.ppc64le",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.s390x",
"CRB-9.0.0.Z.EUS:varnish-docs-0:6.6.2-2.el9_0.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "varnish: HTTP/2 Broken Window Attack may result in denial of service"
}
]
}
rhsa-2024_1691
Vulnerability from csaf_redhat
Published
2024-04-08 09:19
Modified
2024-11-15 18:35
Summary
Red Hat Security Advisory: varnish security update
Notes
Topic
An update for varnish is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.
Security Fix(es):
* varnish: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for varnish is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don\u0027t have to create the same web page over and over again, giving the website a significant speed up.\n\nSecurity Fix(es):\n\n* varnish: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:1691",
"url": "https://access.redhat.com/errata/RHSA-2024:1691"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1691.json"
}
],
"title": "Red Hat Security Advisory: varnish security update",
"tracking": {
"current_release_date": "2024-11-15T18:35:50+00:00",
"generator": {
"date": "2024-11-15T18:35:50+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2024:1691",
"initial_release_date": "2024-04-08T09:19:22+00:00",
"revision_history": [
{
"date": "2024-04-08T09:19:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-04-08T09:19:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T18:35:50+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat CodeReady Linux Builder (v. 9)",
"product": {
"name": "Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.6.2-4.el9_3.1.src",
"product": {
"name": "varnish-0:6.6.2-4.el9_3.1.src",
"product_id": "varnish-0:6.6.2-4.el9_3.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-4.el9_3.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.6.2-4.el9_3.1.aarch64",
"product": {
"name": "varnish-0:6.6.2-4.el9_3.1.aarch64",
"product_id": "varnish-0:6.6.2-4.el9_3.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-4.el9_3.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.6.2-4.el9_3.1.aarch64",
"product": {
"name": "varnish-docs-0:6.6.2-4.el9_3.1.aarch64",
"product_id": "varnish-docs-0:6.6.2-4.el9_3.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.6.2-4.el9_3.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.6.2-4.el9_3.1.aarch64",
"product": {
"name": "varnish-devel-0:6.6.2-4.el9_3.1.aarch64",
"product_id": "varnish-devel-0:6.6.2-4.el9_3.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.6.2-4.el9_3.1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.6.2-4.el9_3.1.ppc64le",
"product": {
"name": "varnish-0:6.6.2-4.el9_3.1.ppc64le",
"product_id": "varnish-0:6.6.2-4.el9_3.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-4.el9_3.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.6.2-4.el9_3.1.ppc64le",
"product": {
"name": "varnish-docs-0:6.6.2-4.el9_3.1.ppc64le",
"product_id": "varnish-docs-0:6.6.2-4.el9_3.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.6.2-4.el9_3.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.6.2-4.el9_3.1.ppc64le",
"product": {
"name": "varnish-devel-0:6.6.2-4.el9_3.1.ppc64le",
"product_id": "varnish-devel-0:6.6.2-4.el9_3.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.6.2-4.el9_3.1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.6.2-4.el9_3.1.i686",
"product": {
"name": "varnish-0:6.6.2-4.el9_3.1.i686",
"product_id": "varnish-0:6.6.2-4.el9_3.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-4.el9_3.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.6.2-4.el9_3.1.i686",
"product": {
"name": "varnish-devel-0:6.6.2-4.el9_3.1.i686",
"product_id": "varnish-devel-0:6.6.2-4.el9_3.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.6.2-4.el9_3.1?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.6.2-4.el9_3.1.x86_64",
"product": {
"name": "varnish-0:6.6.2-4.el9_3.1.x86_64",
"product_id": "varnish-0:6.6.2-4.el9_3.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-4.el9_3.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.6.2-4.el9_3.1.x86_64",
"product": {
"name": "varnish-docs-0:6.6.2-4.el9_3.1.x86_64",
"product_id": "varnish-docs-0:6.6.2-4.el9_3.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.6.2-4.el9_3.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.6.2-4.el9_3.1.x86_64",
"product": {
"name": "varnish-devel-0:6.6.2-4.el9_3.1.x86_64",
"product_id": "varnish-devel-0:6.6.2-4.el9_3.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.6.2-4.el9_3.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.6.2-4.el9_3.1.s390x",
"product": {
"name": "varnish-0:6.6.2-4.el9_3.1.s390x",
"product_id": "varnish-0:6.6.2-4.el9_3.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-4.el9_3.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.6.2-4.el9_3.1.s390x",
"product": {
"name": "varnish-docs-0:6.6.2-4.el9_3.1.s390x",
"product_id": "varnish-docs-0:6.6.2-4.el9_3.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.6.2-4.el9_3.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.6.2-4.el9_3.1.s390x",
"product": {
"name": "varnish-devel-0:6.6.2-4.el9_3.1.s390x",
"product_id": "varnish-devel-0:6.6.2-4.el9_3.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.6.2-4.el9_3.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-4.el9_3.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.aarch64"
},
"product_reference": "varnish-0:6.6.2-4.el9_3.1.aarch64",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-4.el9_3.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.i686"
},
"product_reference": "varnish-0:6.6.2-4.el9_3.1.i686",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-4.el9_3.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.ppc64le"
},
"product_reference": "varnish-0:6.6.2-4.el9_3.1.ppc64le",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-4.el9_3.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.s390x"
},
"product_reference": "varnish-0:6.6.2-4.el9_3.1.s390x",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-4.el9_3.1.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.src"
},
"product_reference": "varnish-0:6.6.2-4.el9_3.1.src",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-4.el9_3.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.x86_64"
},
"product_reference": "varnish-0:6.6.2-4.el9_3.1.x86_64",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-4.el9_3.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.aarch64"
},
"product_reference": "varnish-devel-0:6.6.2-4.el9_3.1.aarch64",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-4.el9_3.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.i686"
},
"product_reference": "varnish-devel-0:6.6.2-4.el9_3.1.i686",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-4.el9_3.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.ppc64le"
},
"product_reference": "varnish-devel-0:6.6.2-4.el9_3.1.ppc64le",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-4.el9_3.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.s390x"
},
"product_reference": "varnish-devel-0:6.6.2-4.el9_3.1.s390x",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-4.el9_3.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.x86_64"
},
"product_reference": "varnish-devel-0:6.6.2-4.el9_3.1.x86_64",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-4.el9_3.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.aarch64"
},
"product_reference": "varnish-docs-0:6.6.2-4.el9_3.1.aarch64",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-4.el9_3.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.ppc64le"
},
"product_reference": "varnish-docs-0:6.6.2-4.el9_3.1.ppc64le",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-4.el9_3.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.s390x"
},
"product_reference": "varnish-docs-0:6.6.2-4.el9_3.1.s390x",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-4.el9_3.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.x86_64"
},
"product_reference": "varnish-docs-0:6.6.2-4.el9_3.1.x86_64",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-4.el9_3.1.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.aarch64"
},
"product_reference": "varnish-0:6.6.2-4.el9_3.1.aarch64",
"relates_to_product_reference": "CRB-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-4.el9_3.1.i686 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.i686"
},
"product_reference": "varnish-0:6.6.2-4.el9_3.1.i686",
"relates_to_product_reference": "CRB-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-4.el9_3.1.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.ppc64le"
},
"product_reference": "varnish-0:6.6.2-4.el9_3.1.ppc64le",
"relates_to_product_reference": "CRB-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-4.el9_3.1.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.s390x"
},
"product_reference": "varnish-0:6.6.2-4.el9_3.1.s390x",
"relates_to_product_reference": "CRB-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-4.el9_3.1.src as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.src"
},
"product_reference": "varnish-0:6.6.2-4.el9_3.1.src",
"relates_to_product_reference": "CRB-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-4.el9_3.1.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.x86_64"
},
"product_reference": "varnish-0:6.6.2-4.el9_3.1.x86_64",
"relates_to_product_reference": "CRB-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-4.el9_3.1.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.aarch64"
},
"product_reference": "varnish-devel-0:6.6.2-4.el9_3.1.aarch64",
"relates_to_product_reference": "CRB-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-4.el9_3.1.i686 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.i686"
},
"product_reference": "varnish-devel-0:6.6.2-4.el9_3.1.i686",
"relates_to_product_reference": "CRB-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-4.el9_3.1.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.ppc64le"
},
"product_reference": "varnish-devel-0:6.6.2-4.el9_3.1.ppc64le",
"relates_to_product_reference": "CRB-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-4.el9_3.1.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.s390x"
},
"product_reference": "varnish-devel-0:6.6.2-4.el9_3.1.s390x",
"relates_to_product_reference": "CRB-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-4.el9_3.1.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.x86_64"
},
"product_reference": "varnish-devel-0:6.6.2-4.el9_3.1.x86_64",
"relates_to_product_reference": "CRB-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-4.el9_3.1.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.aarch64"
},
"product_reference": "varnish-docs-0:6.6.2-4.el9_3.1.aarch64",
"relates_to_product_reference": "CRB-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-4.el9_3.1.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.ppc64le"
},
"product_reference": "varnish-docs-0:6.6.2-4.el9_3.1.ppc64le",
"relates_to_product_reference": "CRB-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-4.el9_3.1.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.s390x"
},
"product_reference": "varnish-docs-0:6.6.2-4.el9_3.1.s390x",
"relates_to_product_reference": "CRB-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-4.el9_3.1.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.x86_64"
},
"product_reference": "varnish-docs-0:6.6.2-4.el9_3.1.x86_64",
"relates_to_product_reference": "CRB-9.3.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-30156",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271486"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Varnish cache server, with HTTP/2 support enabled, that may allow a Denial of Service type of attack. A malicious actor can cause the server to run out of credits during the HTTP/2 connection control flow. As a consequence, the server will stop properly processing the active HTTP streams while retaining the already allocated resources, leading to resource starvation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "varnish: HTTP/2 Broken Window Attack may result in denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2024-30156 represents an important severity issue due to its potential to cause widespread denial of service (DoS) across Varnish Cache servers with HTTP/2 protocol enabled. By exploiting this vulnerability, attackers can exhaust the server\u0027s HTTP/2 connection control flow window credits, thereby halting the processing of streams and indefinitely retaining associated resources. This can lead to a complete service outage, impacting the availability and performance of web services relying on Varnish Cache. Given the prevalence of HTTP/2 adoption for its performance benefits, the vulnerability poses a significant risk to web infrastructure, necessitating immediate mitigation measures to prevent exploitation and mitigate the impact on affected systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.aarch64",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.i686",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.ppc64le",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.s390x",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.x86_64",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.aarch64",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.i686",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.ppc64le",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.s390x",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.x86_64",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.aarch64",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.ppc64le",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.s390x",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.x86_64",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.aarch64",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.i686",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.ppc64le",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.s390x",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.src",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.x86_64",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.aarch64",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.i686",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.ppc64le",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.s390x",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.x86_64",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.aarch64",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.ppc64le",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.s390x",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-30156"
},
{
"category": "external",
"summary": "RHBZ#2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-30156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156"
},
{
"category": "external",
"summary": "https://varnish-cache.org/security/VSV00014.html",
"url": "https://varnish-cache.org/security/VSV00014.html"
}
],
"release_date": "2024-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-08T09:19:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.aarch64",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.i686",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.ppc64le",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.s390x",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.x86_64",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.aarch64",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.i686",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.ppc64le",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.s390x",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.x86_64",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.aarch64",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.ppc64le",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.s390x",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.x86_64",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.aarch64",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.i686",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.ppc64le",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.s390x",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.src",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.x86_64",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.aarch64",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.i686",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.ppc64le",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.s390x",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.x86_64",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.aarch64",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.ppc64le",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.s390x",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1691"
},
{
"category": "workaround",
"details": "A possible mitigation for this issue is to disable http2 support until the package can be updated.\nThis can be performed by running the following command:\n\n~~~\nvarnishadm param.set feature -http2\n~~~\n\nNote: you must remove `h2` from the list of protocols if your TLS terminator is advertising it with ALPN.\n\nNote: a parameter set with `varnishadm param.set` applies to the running instance only; it is lost when varnishd is restarted unless the same setting is also added to the varnishd startup parameters.\n\nIt\u0027s also possible to use the `MAIN.sc_bankrupt` counter to monitor for possible ongoing attacks against the Varnish server.",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.aarch64",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.i686",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.ppc64le",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.s390x",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.x86_64",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.aarch64",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.i686",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.ppc64le",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.s390x",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.x86_64",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.aarch64",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.ppc64le",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.s390x",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.x86_64",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.aarch64",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.i686",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.ppc64le",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.s390x",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.src",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.x86_64",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.aarch64",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.i686",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.ppc64le",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.s390x",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.x86_64",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.aarch64",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.ppc64le",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.s390x",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.aarch64",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.i686",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.ppc64le",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.s390x",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.src",
"AppStream-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.x86_64",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.aarch64",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.i686",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.ppc64le",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.s390x",
"AppStream-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.x86_64",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.aarch64",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.ppc64le",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.s390x",
"AppStream-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.x86_64",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.aarch64",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.i686",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.ppc64le",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.s390x",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.src",
"CRB-9.3.0.Z.MAIN:varnish-0:6.6.2-4.el9_3.1.x86_64",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.aarch64",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.i686",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.ppc64le",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.s390x",
"CRB-9.3.0.Z.MAIN:varnish-devel-0:6.6.2-4.el9_3.1.x86_64",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.aarch64",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.ppc64le",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.s390x",
"CRB-9.3.0.Z.MAIN:varnish-docs-0:6.6.2-4.el9_3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "varnish: HTTP/2 Broken Window Attack may result in denial of service"
}
]
}
rhsa-2024:3305
Vulnerability from csaf_redhat
Published
2024-05-23 07:06
Modified
2025-11-21 19:02
Summary
Red Hat Security Advisory: varnish:6 security update
Notes
Topic
An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.
Security Fix(es):
* varnish:6: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don\u0027t have to create the same web page over and over again, giving the website a significant speed up.\n\nSecurity Fix(es):\n\n* varnish:6: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:3305",
"url": "https://access.redhat.com/errata/RHSA-2024:3305"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3305.json"
}
],
"title": "Red Hat Security Advisory: varnish:6 security update",
"tracking": {
"current_release_date": "2025-11-21T19:02:41+00:00",
"generator": {
"date": "2025-11-21T19:02:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2024:3305",
"initial_release_date": "2024-05-23T07:06:03+00:00",
"revision_history": [
{
"date": "2024-05-23T07:06:03+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-23T07:06:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T19:02:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.src::varnish:6",
"product": {
"name": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.src (varnish:6)",
"product_id": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.src::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.8-3.module%2Bel8.8.0%2B21796%2B79393093.2?arch=src\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=src\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6",
"product": {
"name": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64 (varnish:6)",
"product_id": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.8-3.module%2Bel8.8.0%2B21796%2B79393093.2?arch=x86_64\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6",
"product": {
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64 (varnish:6)",
"product_id": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.8-3.module%2Bel8.8.0%2B21796%2B79393093.2?arch=x86_64\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6",
"product": {
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64 (varnish:6)",
"product_id": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.8-3.module%2Bel8.8.0%2B21796%2B79393093.2?arch=x86_64\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=x86_64\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 (varnish:6)",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=x86_64\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 (varnish:6)",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=x86_64\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6",
"product": {
"name": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x (varnish:6)",
"product_id": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.8-3.module%2Bel8.8.0%2B21796%2B79393093.2?arch=s390x\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6",
"product": {
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x (varnish:6)",
"product_id": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.8-3.module%2Bel8.8.0%2B21796%2B79393093.2?arch=s390x\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6",
"product": {
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x (varnish:6)",
"product_id": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.8-3.module%2Bel8.8.0%2B21796%2B79393093.2?arch=s390x\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=s390x\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x (varnish:6)",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=s390x\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x (varnish:6)",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=s390x\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6",
"product": {
"name": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le (varnish:6)",
"product_id": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.8-3.module%2Bel8.8.0%2B21796%2B79393093.2?arch=ppc64le\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6",
"product": {
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le (varnish:6)",
"product_id": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.8-3.module%2Bel8.8.0%2B21796%2B79393093.2?arch=ppc64le\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6",
"product": {
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le (varnish:6)",
"product_id": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.8-3.module%2Bel8.8.0%2B21796%2B79393093.2?arch=ppc64le\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=ppc64le\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le (varnish:6)",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=ppc64le\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le (varnish:6)",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=ppc64le\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6",
"product": {
"name": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64 (varnish:6)",
"product_id": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.8-3.module%2Bel8.8.0%2B21796%2B79393093.2?arch=aarch64\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6",
"product": {
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64 (varnish:6)",
"product_id": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.8-3.module%2Bel8.8.0%2B21796%2B79393093.2?arch=aarch64\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6",
"product": {
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64 (varnish:6)",
"product_id": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.8-3.module%2Bel8.8.0%2B21796%2B79393093.2?arch=aarch64\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64 (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=aarch64\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64 (varnish:6)",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=aarch64\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64 (varnish:6)",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=aarch64\u0026rpmmod=varnish:6:8080020240510134818:63b34585"
}
}
}
],
"category": "architecture",
"name": "aarch64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6"
},
"product_reference": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6"
},
"product_reference": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6"
},
"product_reference": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.src (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.src::varnish:6"
},
"product_reference": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.src::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6"
},
"product_reference": "varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-30156",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271486"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Varnish cache server, with HTTP/2 support enabled, that may allow a Denial of Service type of attack. A malicious actor can cause the server to run out of credits during the HTTP/2 connection control flow. As a consequence, the server will stop properly processing the active HTTP streams while retaining the already allocated resources, leading to resource starvation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "varnish: HTTP/2 Broken Window Attack may result in denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2024-30156 represents an important-severity issue due to its potential to cause widespread denial of service (DoS) across Varnish Cache servers with the HTTP/2 protocol enabled. By exploiting this vulnerability, attackers can exhaust the server\u0027s HTTP/2 connection control flow window credits, thereby halting the processing of streams and indefinitely retaining associated resources. This can lead to a complete service outage, impacting the availability and performance of web services relying on Varnish Cache. Given the prevalence of HTTP/2 adoption for its performance benefits, the vulnerability poses a significant risk to web infrastructure, necessitating immediate mitigation measures to prevent exploitation and limit the impact on affected systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.src::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-30156"
},
{
"category": "external",
"summary": "RHBZ#2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-30156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156"
},
{
"category": "external",
"summary": "https://varnish-cache.org/security/VSV00014.html",
"url": "https://varnish-cache.org/security/VSV00014.html"
}
],
"release_date": "2024-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T07:06:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.src::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3305"
},
{
"category": "workaround",
"details": "A possible mitigation for this issue is to disable HTTP/2 support until the package can be updated.\nThis can be performed by running the following command:\n\n~~~\nvarnishadm param.set feature -http2\n~~~\n\nNote: you must remove `h2` from the list of protocols if your TLS terminator is advertising it with ALPN.\n\nIt\u0027s also possible to use the `MAIN.sc_bankrupt` counter to monitor for possible ongoing attacks against the Varnish server.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.src::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.src::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+21796+79393093.2.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "varnish: HTTP/2 Broken Window Attack may result in denial of service"
}
]
}
rhsa-2024:2820
Vulnerability from csaf_redhat
Published
2024-05-13 01:26
Modified
2025-11-21 19:00
Summary
Red Hat Security Advisory: varnish security update
Notes
Topic
An update for varnish is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.
Security Fix(es):
* varnish: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for varnish is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don\u0027t have to create the same web page over and over again, giving the website a significant speed up.\n\nSecurity Fix(es):\n\n* varnish: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:2820",
"url": "https://access.redhat.com/errata/RHSA-2024:2820"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2820.json"
}
],
"title": "Red Hat Security Advisory: varnish security update",
"tracking": {
"current_release_date": "2025-11-21T19:00:58+00:00",
"generator": {
"date": "2025-11-21T19:00:58+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2024:2820",
"initial_release_date": "2024-05-13T01:26:24+00:00",
"revision_history": [
{
"date": "2024-05-13T01:26:24+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-13T01:26:24+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T19:00:58+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.2::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product": {
"name": "Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.2::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-devel-0:6.6.2-3.el9_2.2.aarch64",
"product": {
"name": "varnish-devel-0:6.6.2-3.el9_2.2.aarch64",
"product_id": "varnish-devel-0:6.6.2-3.el9_2.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.6.2-3.el9_2.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "varnish-0:6.6.2-3.el9_2.2.aarch64",
"product": {
"name": "varnish-0:6.6.2-3.el9_2.2.aarch64",
"product_id": "varnish-0:6.6.2-3.el9_2.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-3.el9_2.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.6.2-3.el9_2.2.aarch64",
"product": {
"name": "varnish-docs-0:6.6.2-3.el9_2.2.aarch64",
"product_id": "varnish-docs-0:6.6.2-3.el9_2.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.6.2-3.el9_2.2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-devel-0:6.6.2-3.el9_2.2.ppc64le",
"product": {
"name": "varnish-devel-0:6.6.2-3.el9_2.2.ppc64le",
"product_id": "varnish-devel-0:6.6.2-3.el9_2.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.6.2-3.el9_2.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "varnish-0:6.6.2-3.el9_2.2.ppc64le",
"product": {
"name": "varnish-0:6.6.2-3.el9_2.2.ppc64le",
"product_id": "varnish-0:6.6.2-3.el9_2.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-3.el9_2.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.6.2-3.el9_2.2.ppc64le",
"product": {
"name": "varnish-docs-0:6.6.2-3.el9_2.2.ppc64le",
"product_id": "varnish-docs-0:6.6.2-3.el9_2.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.6.2-3.el9_2.2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-devel-0:6.6.2-3.el9_2.2.i686",
"product": {
"name": "varnish-devel-0:6.6.2-3.el9_2.2.i686",
"product_id": "varnish-devel-0:6.6.2-3.el9_2.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.6.2-3.el9_2.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "varnish-0:6.6.2-3.el9_2.2.i686",
"product": {
"name": "varnish-0:6.6.2-3.el9_2.2.i686",
"product_id": "varnish-0:6.6.2-3.el9_2.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-3.el9_2.2?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-devel-0:6.6.2-3.el9_2.2.x86_64",
"product": {
"name": "varnish-devel-0:6.6.2-3.el9_2.2.x86_64",
"product_id": "varnish-devel-0:6.6.2-3.el9_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.6.2-3.el9_2.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "varnish-0:6.6.2-3.el9_2.2.x86_64",
"product": {
"name": "varnish-0:6.6.2-3.el9_2.2.x86_64",
"product_id": "varnish-0:6.6.2-3.el9_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-3.el9_2.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.6.2-3.el9_2.2.x86_64",
"product": {
"name": "varnish-docs-0:6.6.2-3.el9_2.2.x86_64",
"product_id": "varnish-docs-0:6.6.2-3.el9_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.6.2-3.el9_2.2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-devel-0:6.6.2-3.el9_2.2.s390x",
"product": {
"name": "varnish-devel-0:6.6.2-3.el9_2.2.s390x",
"product_id": "varnish-devel-0:6.6.2-3.el9_2.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.6.2-3.el9_2.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "varnish-0:6.6.2-3.el9_2.2.s390x",
"product": {
"name": "varnish-0:6.6.2-3.el9_2.2.s390x",
"product_id": "varnish-0:6.6.2-3.el9_2.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-3.el9_2.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.6.2-3.el9_2.2.s390x",
"product": {
"name": "varnish-docs-0:6.6.2-3.el9_2.2.s390x",
"product_id": "varnish-docs-0:6.6.2-3.el9_2.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.6.2-3.el9_2.2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.6.2-3.el9_2.2.src",
"product": {
"name": "varnish-0:6.6.2-3.el9_2.2.src",
"product_id": "varnish-0:6.6.2-3.el9_2.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.6.2-3.el9_2.2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-3.el9_2.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.aarch64"
},
"product_reference": "varnish-0:6.6.2-3.el9_2.2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-3.el9_2.2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.i686"
},
"product_reference": "varnish-0:6.6.2-3.el9_2.2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-3.el9_2.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.ppc64le"
},
"product_reference": "varnish-0:6.6.2-3.el9_2.2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-3.el9_2.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.s390x"
},
"product_reference": "varnish-0:6.6.2-3.el9_2.2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-3.el9_2.2.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.src"
},
"product_reference": "varnish-0:6.6.2-3.el9_2.2.src",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-3.el9_2.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.x86_64"
},
"product_reference": "varnish-0:6.6.2-3.el9_2.2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-3.el9_2.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.aarch64"
},
"product_reference": "varnish-devel-0:6.6.2-3.el9_2.2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-3.el9_2.2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.i686"
},
"product_reference": "varnish-devel-0:6.6.2-3.el9_2.2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-3.el9_2.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.ppc64le"
},
"product_reference": "varnish-devel-0:6.6.2-3.el9_2.2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-3.el9_2.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.s390x"
},
"product_reference": "varnish-devel-0:6.6.2-3.el9_2.2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-3.el9_2.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.x86_64"
},
"product_reference": "varnish-devel-0:6.6.2-3.el9_2.2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-3.el9_2.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.aarch64"
},
"product_reference": "varnish-docs-0:6.6.2-3.el9_2.2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-3.el9_2.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.ppc64le"
},
"product_reference": "varnish-docs-0:6.6.2-3.el9_2.2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-3.el9_2.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.s390x"
},
"product_reference": "varnish-docs-0:6.6.2-3.el9_2.2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-3.el9_2.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.x86_64"
},
"product_reference": "varnish-docs-0:6.6.2-3.el9_2.2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-3.el9_2.2.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.aarch64"
},
"product_reference": "varnish-0:6.6.2-3.el9_2.2.aarch64",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-3.el9_2.2.i686 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.i686"
},
"product_reference": "varnish-0:6.6.2-3.el9_2.2.i686",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-3.el9_2.2.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.ppc64le"
},
"product_reference": "varnish-0:6.6.2-3.el9_2.2.ppc64le",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-3.el9_2.2.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.s390x"
},
"product_reference": "varnish-0:6.6.2-3.el9_2.2.s390x",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-3.el9_2.2.src as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.src"
},
"product_reference": "varnish-0:6.6.2-3.el9_2.2.src",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.6.2-3.el9_2.2.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.x86_64"
},
"product_reference": "varnish-0:6.6.2-3.el9_2.2.x86_64",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-3.el9_2.2.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.aarch64"
},
"product_reference": "varnish-devel-0:6.6.2-3.el9_2.2.aarch64",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-3.el9_2.2.i686 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.i686"
},
"product_reference": "varnish-devel-0:6.6.2-3.el9_2.2.i686",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-3.el9_2.2.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.ppc64le"
},
"product_reference": "varnish-devel-0:6.6.2-3.el9_2.2.ppc64le",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-3.el9_2.2.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.s390x"
},
"product_reference": "varnish-devel-0:6.6.2-3.el9_2.2.s390x",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.6.2-3.el9_2.2.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.x86_64"
},
"product_reference": "varnish-devel-0:6.6.2-3.el9_2.2.x86_64",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-3.el9_2.2.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.aarch64"
},
"product_reference": "varnish-docs-0:6.6.2-3.el9_2.2.aarch64",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-3.el9_2.2.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.ppc64le"
},
"product_reference": "varnish-docs-0:6.6.2-3.el9_2.2.ppc64le",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-3.el9_2.2.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.s390x"
},
"product_reference": "varnish-docs-0:6.6.2-3.el9_2.2.s390x",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.6.2-3.el9_2.2.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.x86_64"
},
"product_reference": "varnish-docs-0:6.6.2-3.el9_2.2.x86_64",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-30156",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271486"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Varnish cache server, with HTTP/2 support enabled, that may allow a Denial of Service type of attack. A malicious actor can cause the server to run out of credits during the HTTP/2 connection control flow. As a consequence, the server will stop properly processing the active HTTP streams while retaining the already allocated resources, leading to resource starvation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "varnish: HTTP/2 Broken Window Attack may result in denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2024-30156 represents an important severity issue due to its potential to cause widespread denial of service (DoS) across Varnish Cache servers with the HTTP/2 protocol enabled. By exploiting this vulnerability, attackers can exhaust the server\u0027s HTTP/2 connection control flow window credits, thereby halting the processing of streams and indefinitely retaining associated resources. This can lead to a complete service outage, impacting the availability and performance of web services relying on Varnish Cache. Given the prevalence of HTTP/2 adoption for its performance benefits, the vulnerability poses a significant risk to web infrastructure, necessitating immediate mitigation measures to prevent exploitation and mitigate the impact on affected systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.src",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.src",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-30156"
},
{
"category": "external",
"summary": "RHBZ#2271486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271486"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-30156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156"
},
{
"category": "external",
"summary": "https://varnish-cache.org/security/VSV00014.html",
"url": "https://varnish-cache.org/security/VSV00014.html"
}
],
"release_date": "2024-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-13T01:26:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.src",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.src",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2820"
},
{
"category": "workaround",
"details": "A possible mitigation for this issue is to disable http2 support until the package can be updated.\nThis can be performed by running the following command:\n\n~~~\nvarnishadm param.set feature -http2\n~~~\n\nNote: you must remove `h2` from the list of protocols if your TLS terminator is advertising it with ALPN.\n\nIt\u0027s also possible to use the `MAIN.sc_bankrupt` counter to monitor possible on-going attacks to the varnish server.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.src",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.src",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.src",
"AppStream-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.src",
"CRB-9.2.0.Z.EUS:varnish-0:6.6.2-3.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:varnish-devel-0:6.6.2-3.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:varnish-docs-0:6.6.2-3.el9_2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "varnish: HTTP/2 Broken Window Attack may result in denial of service"
}
]
}
ghsa-c3wj-m54r-wfgq
Vulnerability from github
Published
2024-03-24 03:30
Modified
2024-11-21 21:33
Severity ?
VLAI Severity ?
Details
Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack.
{
"affected": [],
"aliases": [
"CVE-2024-30156"
],
"database_specific": {
"cwe_ids": [
"CWE-770"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-24T01:15:45Z",
"severity": "HIGH"
},
"details": "Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack.",
"id": "GHSA-c3wj-m54r-wfgq",
"modified": "2024-11-21T21:33:30Z",
"published": "2024-03-24T03:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156"
},
{
"type": "WEB",
"url": "https://varnish-cache.org/docs/7.5/whats-new/changes-7.5.html#security"
},
{
"type": "WEB",
"url": "https://varnish-cache.org/security/VSV00014.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
gsd-2024-30156
Vulnerability from gsd
Modified
2024-04-03 05:02
Details
Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack.
Aliases
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-30156"
],
"details": "Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack.",
"id": "GSD-2024-30156",
"modified": "2024-04-03T05:02:29.304353Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2024-30156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://varnish-cache.org/security/VSV00014.html",
"refsource": "MISC",
"url": "https://varnish-cache.org/security/VSV00014.html"
},
{
"name": "https://varnish-cache.org/docs/7.5/whats-new/changes-7.5.html#security",
"refsource": "MISC",
"url": "https://varnish-cache.org/docs/7.5/whats-new/changes-7.5.html#security"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"descriptions": [
{
"lang": "en",
"value": "Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack."
}
],
"id": "CVE-2024-30156",
"lastModified": "2024-03-25T01:51:01.223",
"metrics": {},
"published": "2024-03-24T01:15:45.530",
"references": [
{
"source": "cve@mitre.org",
"url": "https://varnish-cache.org/docs/7.5/whats-new/changes-7.5.html#security"
},
{
"source": "cve@mitre.org",
"url": "https://varnish-cache.org/security/VSV00014.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Awaiting Analysis"
}
}
}
}
fkie_cve-2024-30156
Vulnerability from fkie_nvd
Published
2024-03-24 01:15
Modified
2024-11-21 20:15
Severity ?
Summary
Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack.
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://varnish-cache.org/docs/7.5/whats-new/changes-7.5.html#security | |
| cve@mitre.org | https://varnish-cache.org/security/VSV00014.html | |
| af854a3a-2127-422b-91ae-364da2661108 | https://varnish-cache.org/docs/7.5/whats-new/changes-7.5.html#security | |
| af854a3a-2127-422b-91ae-364da2661108 | https://varnish-cache.org/security/VSV00014.html | |
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack."
},
{
"lang": "es",
"value": "Varnish Cache anterior a 7.3.2 y 7.4.x anterior a 7.4.3 (y anterior a 6.0.13 LTS), y Varnish Enterprise 6 anterior a 6.0.12r6, permite el agotamiento de los cr\u00e9ditos para una ventana de flujo de control de conexi\u00f3n HTTP/2, tambi\u00e9n conocido como ataque de ventana rota."
}
],
"id": "CVE-2024-30156",
"lastModified": "2024-11-21T20:15:40.067",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-03-24T01:15:45.530",
"references": [
{
"source": "cve@mitre.org",
"url": "https://varnish-cache.org/docs/7.5/whats-new/changes-7.5.html#security"
},
{
"source": "cve@mitre.org",
"url": "https://varnish-cache.org/security/VSV00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://varnish-cache.org/docs/7.5/whats-new/changes-7.5.html#security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://varnish-cache.org/security/VSV00014.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
wid-sec-w-2024-0701
Vulnerability from csaf_certbund
Published
2024-03-24 23:00
Modified
2024-11-18 23:00
Summary
Varnish HTTP Cache: Schwachstelle ermöglicht Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Varnish ist ein Reverse-Proxy, der als HTTP-Beschleuniger verwendet wird.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Varnish HTTP Cache ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Varnish ist ein Reverse-Proxy, der als HTTP-Beschleuniger verwendet wird.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Varnish HTTP Cache ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0701 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0701.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0701 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0701"
},
{
"category": "external",
"summary": "Varnish Security Advisory vom 2024-03-24",
"url": "https://varnish-cache.org/security/VSV00014.html"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-03-24",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156"
},
{
"category": "external",
"summary": "Github Advisory",
"url": "https://github.com/advisories/GHSA-c3wj-m54r-wfgq"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1690 vom 2024-04-08",
"url": "https://access.redhat.com/errata/RHSA-2024:1690"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1691 vom 2024-04-08",
"url": "https://access.redhat.com/errata/RHSA-2024:1691"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1689 vom 2024-04-08",
"url": "https://access.redhat.com/errata/RHSA-2024:1689"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-1690 vom 2024-04-09",
"url": "https://linux.oracle.com/errata/ELSA-2024-1690.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-1691 vom 2024-04-09",
"url": "https://linux.oracle.com/errata/ELSA-2024-1691.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2700 vom 2024-05-06",
"url": "https://access.redhat.com/errata/RHSA-2024:2700"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:1690 vom 2024-05-06",
"url": "https://errata.build.resf.org/RLSA-2024:1690"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2820 vom 2024-05-13",
"url": "https://access.redhat.com/errata/RHSA-2024:2820"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2938 vom 2024-05-21",
"url": "https://access.redhat.com/errata/RHSA-2024:2938"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3305 vom 2024-05-23",
"url": "https://access.redhat.com/errata/RHSA-2024:3305"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3426 vom 2024-05-28",
"url": "https://access.redhat.com/errata/RHSA-2024:3426"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4937 vom 2024-07-31",
"url": "https://access.redhat.com/errata/RHSA-2024:4937"
}
],
"source_lang": "en-US",
"title": "Varnish HTTP Cache: Schwachstelle erm\u00f6glicht Denial of Service",
"tracking": {
"current_release_date": "2024-11-18T23:00:00.000+00:00",
"generator": {
"date": "2024-11-19T11:34:48.412+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.8"
}
},
"id": "WID-SEC-W-2024-0701",
"initial_release_date": "2024-03-24T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-03-24T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-04-07T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-04-09T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-05-05T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-06T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2024-05-12T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-20T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-22T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-28T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-31T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-18T23:00:00.000+00:00",
"number": "11",
"summary": "Korrektur Plattformauswahl"
}
],
"status": "final",
"version": "11"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cEnterprise 6.0.12r6",
"product": {
"name": "Open Source Varnish HTTP Cache \u003cEnterprise 6.0.12r6",
"product_id": "T033532"
}
},
{
"category": "product_version",
"name": "Enterprise 6.0.12r6",
"product": {
"name": "Open Source Varnish HTTP Cache Enterprise 6.0.12r6",
"product_id": "T033532-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:varnish_http_accelerator_integration_project:varnish:enterprise__6.0.12r6"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.3.2",
"product": {
"name": "Open Source Varnish HTTP Cache \u003c7.3.2",
"product_id": "T033638"
}
},
{
"category": "product_version",
"name": "7.3.2",
"product": {
"name": "Open Source Varnish HTTP Cache 7.3.2",
"product_id": "T033638-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:varnish_http_accelerator_integration_project:varnish:7.3.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.4.3",
"product": {
"name": "Open Source Varnish HTTP Cache \u003c7.4.3",
"product_id": "T033639"
}
},
{
"category": "product_version",
"name": "7.4.3",
"product": {
"name": "Open Source Varnish HTTP Cache 7.4.3",
"product_id": "T033639-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:varnish_http_accelerator_integration_project:varnish:7.4.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c6.0.13",
"product": {
"name": "Open Source Varnish HTTP Cache \u003c6.0.13",
"product_id": "T033640"
}
},
{
"category": "product_version",
"name": "6.0.13",
"product": {
"name": "Open Source Varnish HTTP Cache 6.0.13",
"product_id": "T033640-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:varnish_http_accelerator_integration_project:varnish:6.0.13"
}
}
}
],
"category": "product_name",
"name": "Varnish HTTP Cache"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-30156",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in Varnish HTTP Cache. Dieser Fehler besteht auf Varnish Cache-Servern, die das HTTP/2-Protokoll aktiviert haben, und erm\u00f6glicht es, dass das HTTP/2-Verbindungskontrollflussfenster des Servers keine Credits mehr hat, was dazu f\u00fchrt, dass kein Fortschritt bei der Verarbeitung von Streams gemacht wird, w\u00e4hrend die zugeh\u00f6rigen Ressourcen gehalten werden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"T033532",
"67646",
"T033638",
"T033639",
"T004914",
"T033640",
"T032255"
]
},
"release_date": "2024-03-24T23:00:00.000+00:00",
"title": "CVE-2024-30156"
}
]
}
WID-SEC-W-2024-0701
Vulnerability from csaf_certbund
Published
2024-03-24 23:00
Modified
2024-11-18 23:00
Summary
Varnish HTTP Cache: Schwachstelle ermöglicht Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Varnish ist ein Reverse-Proxy, der als HTTP-Beschleuniger verwendet wird.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Varnish HTTP Cache ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Varnish ist ein Reverse-Proxy, der als HTTP-Beschleuniger verwendet wird.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Varnish HTTP Cache ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0701 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0701.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0701 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0701"
},
{
"category": "external",
"summary": "Varnish Security Advisory vom 2024-03-24",
"url": "https://varnish-cache.org/security/VSV00014.html"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-03-24",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30156"
},
{
"category": "external",
"summary": "Github Advisory",
"url": "https://github.com/advisories/GHSA-c3wj-m54r-wfgq"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1690 vom 2024-04-08",
"url": "https://access.redhat.com/errata/RHSA-2024:1690"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1691 vom 2024-04-08",
"url": "https://access.redhat.com/errata/RHSA-2024:1691"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1689 vom 2024-04-08",
"url": "https://access.redhat.com/errata/RHSA-2024:1689"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-1690 vom 2024-04-09",
"url": "https://linux.oracle.com/errata/ELSA-2024-1690.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-1691 vom 2024-04-09",
"url": "https://linux.oracle.com/errata/ELSA-2024-1691.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2700 vom 2024-05-06",
"url": "https://access.redhat.com/errata/RHSA-2024:2700"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:1690 vom 2024-05-06",
"url": "https://errata.build.resf.org/RLSA-2024:1690"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2820 vom 2024-05-13",
"url": "https://access.redhat.com/errata/RHSA-2024:2820"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2938 vom 2024-05-21",
"url": "https://access.redhat.com/errata/RHSA-2024:2938"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3305 vom 2024-05-23",
"url": "https://access.redhat.com/errata/RHSA-2024:3305"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3426 vom 2024-05-28",
"url": "https://access.redhat.com/errata/RHSA-2024:3426"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4937 vom 2024-07-31",
"url": "https://access.redhat.com/errata/RHSA-2024:4937"
}
],
"source_lang": "en-US",
"title": "Varnish HTTP Cache: Schwachstelle erm\u00f6glicht Denial of Service",
"tracking": {
"current_release_date": "2024-11-18T23:00:00.000+00:00",
"generator": {
"date": "2024-11-19T11:34:48.412+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.8"
}
},
"id": "WID-SEC-W-2024-0701",
"initial_release_date": "2024-03-24T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-03-24T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-04-07T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-04-09T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-05-05T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-06T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2024-05-12T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-20T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-22T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-28T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-31T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-18T23:00:00.000+00:00",
"number": "11",
"summary": "Korrektur Plattformauswahl"
}
],
"status": "final",
"version": "11"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cEnterprise 6.0.12r6",
"product": {
"name": "Open Source Varnish HTTP Cache \u003cEnterprise 6.0.12r6",
"product_id": "T033532"
}
},
{
"category": "product_version",
"name": "Enterprise 6.0.12r6",
"product": {
"name": "Open Source Varnish HTTP Cache Enterprise 6.0.12r6",
"product_id": "T033532-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:varnish_http_accelerator_integration_project:varnish:enterprise__6.0.12r6"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.3.2",
"product": {
"name": "Open Source Varnish HTTP Cache \u003c7.3.2",
"product_id": "T033638"
}
},
{
"category": "product_version",
"name": "7.3.2",
"product": {
"name": "Open Source Varnish HTTP Cache 7.3.2",
"product_id": "T033638-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:varnish_http_accelerator_integration_project:varnish:7.3.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.4.3",
"product": {
"name": "Open Source Varnish HTTP Cache \u003c7.4.3",
"product_id": "T033639"
}
},
{
"category": "product_version",
"name": "7.4.3",
"product": {
"name": "Open Source Varnish HTTP Cache 7.4.3",
"product_id": "T033639-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:varnish_http_accelerator_integration_project:varnish:7.4.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c6.0.13",
"product": {
"name": "Open Source Varnish HTTP Cache \u003c6.0.13",
"product_id": "T033640"
}
},
{
"category": "product_version",
"name": "6.0.13",
"product": {
"name": "Open Source Varnish HTTP Cache 6.0.13",
"product_id": "T033640-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:varnish_http_accelerator_integration_project:varnish:6.0.13"
}
}
}
],
"category": "product_name",
"name": "Varnish HTTP Cache"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-30156",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in Varnish HTTP Cache. Dieser Fehler besteht auf Varnish Cache-Servern, die das HTTP/2-Protokoll aktiviert haben, und erm\u00f6glicht es, dass das HTTP/2-Verbindungskontrollflussfenster des Servers keine Credits mehr hat, was dazu f\u00fchrt, dass kein Fortschritt bei der Verarbeitung von Streams gemacht wird, w\u00e4hrend die zugeh\u00f6rigen Ressourcen gehalten werden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"T033532",
"67646",
"T033638",
"T033639",
"T004914",
"T033640",
"T032255"
]
},
"release_date": "2024-03-24T23:00:00.000+00:00",
"title": "CVE-2024-30156"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.