Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-nrzf-yt7d-x7dh
Summary The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline directive that provides a VCL configuration file containing inline C code; (2) change the ownership of the master process via param.set, stop, and start directives; (3) read the initial line of an arbitrary file via a vcl.load directive; or (4) conduct cross-site request forgery (CSRF) attacks that leverage a victim's location on a trusted network and improper input validation of directives. NOTE: the vendor disputes this report, saying that it is "fundamentally misguided and pointless."
Aliases
0
alias CVE-2009-2936
Fixed_packages
0
url pkg:deb/debian/varnish@2.1.0-2?distro=trixie
purl pkg:deb/debian/varnish@2.1.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@2.1.0-2%3Fdistro=trixie
1
url pkg:deb/debian/varnish@2.1.3-8%2Bdeb6u2
purl pkg:deb/debian/varnish@2.1.3-8%2Bdeb6u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4fbk-5fwk-efbd
1
vulnerability VCID-fgjt-z1kd-nbct
2
vulnerability VCID-hery-ps62-9kf5
3
vulnerability VCID-hpb7-1n1t-n3em
4
vulnerability VCID-j1qj-kj7k-v7fx
5
vulnerability VCID-mbcb-cn8g-zfgw
6
vulnerability VCID-ntj2-zryg-tubp
7
vulnerability VCID-pww8-5fsd-1kcz
8
vulnerability VCID-r7t1-a958-d7dg
9
vulnerability VCID-rn5t-3pup-kbbv
10
vulnerability VCID-tnwn-h2wc-q7c4
11
vulnerability VCID-wm39-aehq-cyfb
12
vulnerability VCID-z4zn-dpfs-j7cq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@2.1.3-8%252Bdeb6u2
2
url pkg:deb/debian/varnish@6.5.1-1%2Bdeb11u3?distro=trixie
purl pkg:deb/debian/varnish@6.5.1-1%2Bdeb11u3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5781-s1ny-q7ey
1
vulnerability VCID-cmeu-b3fh-hkaf
2
vulnerability VCID-djsh-vmzh-sbe7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@6.5.1-1%252Bdeb11u3%3Fdistro=trixie
3
url pkg:deb/debian/varnish@7.1.1-2%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/varnish@7.1.1-2%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5781-s1ny-q7ey
1
vulnerability VCID-cmeu-b3fh-hkaf
2
vulnerability VCID-djsh-vmzh-sbe7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@7.1.1-2%252Bdeb12u1%3Fdistro=trixie
4
url pkg:deb/debian/varnish@7.7.0-3?distro=trixie
purl pkg:deb/debian/varnish@7.7.0-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cmeu-b3fh-hkaf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@7.7.0-3%3Fdistro=trixie
5
url pkg:deb/debian/varnish@7.7.3-2?distro=trixie
purl pkg:deb/debian/varnish@7.7.3-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@7.7.3-2%3Fdistro=trixie
Affected_packages
0
url pkg:deb/debian/varnish@1.0.2-2
purl pkg:deb/debian/varnish@1.0.2-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4fbk-5fwk-efbd
1
vulnerability VCID-fgjt-z1kd-nbct
2
vulnerability VCID-hery-ps62-9kf5
3
vulnerability VCID-hpb7-1n1t-n3em
4
vulnerability VCID-j1qj-kj7k-v7fx
5
vulnerability VCID-mbcb-cn8g-zfgw
6
vulnerability VCID-nrzf-yt7d-x7dh
7
vulnerability VCID-ntj2-zryg-tubp
8
vulnerability VCID-pww8-5fsd-1kcz
9
vulnerability VCID-r7t1-a958-d7dg
10
vulnerability VCID-rn5t-3pup-kbbv
11
vulnerability VCID-tnwn-h2wc-q7c4
12
vulnerability VCID-wm39-aehq-cyfb
13
vulnerability VCID-z4zn-dpfs-j7cq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@1.0.2-2
1
url pkg:deb/debian/varnish@1.1.2
purl pkg:deb/debian/varnish@1.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4fbk-5fwk-efbd
1
vulnerability VCID-fgjt-z1kd-nbct
2
vulnerability VCID-hery-ps62-9kf5
3
vulnerability VCID-hpb7-1n1t-n3em
4
vulnerability VCID-j1qj-kj7k-v7fx
5
vulnerability VCID-mbcb-cn8g-zfgw
6
vulnerability VCID-nrzf-yt7d-x7dh
7
vulnerability VCID-ntj2-zryg-tubp
8
vulnerability VCID-pww8-5fsd-1kcz
9
vulnerability VCID-r7t1-a958-d7dg
10
vulnerability VCID-rn5t-3pup-kbbv
11
vulnerability VCID-tnwn-h2wc-q7c4
12
vulnerability VCID-wm39-aehq-cyfb
13
vulnerability VCID-z4zn-dpfs-j7cq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@1.1.2
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2009-2936
reference_id
reference_type
scores
0
value 0.6839
scoring_system epss
scoring_elements 0.98594
published_at 2026-04-01T12:55:00Z
1
value 0.6839
scoring_system epss
scoring_elements 0.98596
published_at 2026-04-02T12:55:00Z
2
value 0.6839
scoring_system epss
scoring_elements 0.98599
published_at 2026-04-04T12:55:00Z
3
value 0.6839
scoring_system epss
scoring_elements 0.98601
published_at 2026-04-07T12:55:00Z
4
value 0.6839
scoring_system epss
scoring_elements 0.98603
published_at 2026-04-08T12:55:00Z
5
value 0.6839
scoring_system epss
scoring_elements 0.98605
published_at 2026-04-09T12:55:00Z
6
value 0.6839
scoring_system epss
scoring_elements 0.98607
published_at 2026-04-12T12:55:00Z
7
value 0.6839
scoring_system epss
scoring_elements 0.98608
published_at 2026-04-13T12:55:00Z
8
value 0.6839
scoring_system epss
scoring_elements 0.98613
published_at 2026-04-21T12:55:00Z
9
value 0.6839
scoring_system epss
scoring_elements 0.98614
published_at 2026-04-18T12:55:00Z
10
value 0.6839
scoring_system epss
scoring_elements 0.98617
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2009-2936
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2936
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2936
2
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/35581.rb
reference_id CVE-2009-2936;OSVDB-67670
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/35581.rb
Weaknesses
Exploits
0
date_added 2014-12-19
description Varnish Cache CLI Interface - Remote Code Execution (Metasploit)
required_action null
due_date null
notes null
known_ransomware_campaign_use false
source_date_published 2014-12-19
exploit_type remote
platform linux
source_date_updated 2014-12-19
data_source Exploit-DB
source_url
1
date_added null
description
This module attempts to login to the Varnish Cache (varnishd) CLI instance using a bruteforce list of passwords.
required_action null
due_date null
notes
{}
known_ransomware_campaign_use false
source_date_published null
exploit_type null
platform
source_date_updated null
data_source Metasploit
source_url https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/scanner/varnish/varnish_cli_login.rb
Severity_range_score null
Exploitability 2.0
Weighted_severity 0.6
Risk_score 1.2
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nrzf-yt7d-x7dh