- Description
- Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries.
- Source
- cve@mitre.org
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 5.4
- Impact score
- 2.7
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
- cve@mitre.org
- CWE-444
- Hype score
- Not currently trending
CVE-2025-47905 - Red Hat Customer Portal https://t.co/BcH1eDvH98
@w4yh
2 Jun 2025
Varnish Cache and Varnish Enterprise affected by Client-Side Desync via HTTP/1 Requests [CVE-2025-47905] #VarnishHTTPCache #Desync #HTTPRequest_Response_Smuggling https://t.co/zJF8nIuXjn https://t.co/zpErUMxD3Y
@_Ninhack
14 May 2025
CVE-2025-47905 Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectl… https://t.co/xTux1rWnWc
@CVEnew
14 May 2025