Auth bypass in Varnish.projects.linpro Varnish

CVE-2009-2936

The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote…

Vulnerability class: Broken Authentication

EPSS: 0.684 (98.6th percentile)

Frequently asked questions

What is CVE-2009-2936?
CVE-2009-2936 is a vulnerability in Varnish.projects.linpro Varnish, classified under Improper Authentication. Published 2010-04-05.

Is CVE-2009-2936 known to be exploited?
2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.