{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91950?format=json","vulnerability_id":"VCID-nrzf-yt7d-x7dh","summary":"The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline directive that provides a VCL configuration file containing inline C code; (2) change the ownership of the master process via param.set, stop, and start directives; (3) read the initial line of an arbitrary file via a vcl.load directive; or (4) conduct cross-site request forgery (CSRF) attacks that leverage a victim's location on a trusted network and improper input validation of directives.  NOTE: the vendor disputes this report, saying that it is \"fundamentally misguided and pointless.","aliases":[{"alias":"CVE-2009-2936"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942027?format=json","purl":"pkg:deb/debian/varnish@2.1.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@2.1.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1035129?format=json","purl":"pkg:deb/debian/varnish@2.1.3-8%2Bdeb6u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4fbk-5fwk-efbd"},{"vulnerability":"VCID-fgjt-z1kd-nbct"},{"vulnerability":"VCID-hery-ps62-9kf5"},{"vulnerability":"VCID-hpb7-1n1t-n3em"},{"vulnerability":"VCID-j1qj-kj7k-v7fx"},{"vulnerability":"VCID-mbcb-cn8g-zfgw"},{"vulnerability":"VCID-ntj2-zryg-tubp"},{"vulnerability":"VCID-pww8-5fsd-1kcz"},{"vulnerability":"VCID-r7t1-a958-d7dg"},{"vulnerability":"VCID-rn5t-3pup-kbbv"},{"vulnerability":"VCID-tnwn-h2wc-q7c4"},{"vulnerability":"VCID-wm39-aehq-cyfb"},{"vulnerability":"VCID-z4zn-dpfs-j7cq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@2.1.3-8%252Bdeb6u2"},{"url":"http://public2.vulnerablecode.io/api/packages/942028?format=json","purl":"pkg:deb/debian/varnish@6.5.1-1%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-cmeu-b3fh-hkaf"},{"vulnerability":"VCID-djsh-vmzh-sbe7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@6.5.1-1%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/942026?format=json","purl":"pkg:deb/debian/varnish@7.1.1-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-cmeu-b3fh-hkaf"},{"vulnerability":"VCID-djsh-vmzh-sbe7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@7.1.1-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/942030?format=json","purl":"pkg:deb/debian/varnish@7.7.0-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cmeu-b3fh-hkaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@7.7.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/942029?format=json","purl":"pkg:deb/debian/varnish@7.7.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@7.7.3-2%3Fdistro=trixie"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035127?format=json","purl":"pkg:deb/debian/varnish@1.0.2-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4fbk-5fwk-efbd"},{"vulnerability":"VCID-fgjt-z1kd-nbct"},{"vulnerability":"VCID-hery-ps62-9kf5"},{"vulnerability":"VCID-hpb7-1n1t-n3em"},{"vulnerability":"VCID-j1qj-kj7k-v7fx"},{"vulnerability":"VCID-mbcb-cn8g-zfgw"},{"vulnerability":"VCID-nrzf-yt7d-x7dh"},{"vulnerability":"VCID-ntj2-zryg-tubp"},{"vulnerability":"VCID-pww8-5fsd-1kcz"},{"vulnerability":"VCID-r7t1-a958-d7dg"},{"vulnerability":"VCID-rn5t-3pup-kbbv"},{"vulnerability":"VCID-tnwn-h2wc-q7c4"},{"vulnerability":"VCID-wm39-aehq-cyfb"},{"vulnerability":"VCID-z4zn-dpfs-j7cq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@1.0.2-2"},{"url":"http://public2.vulnerablecode.io/api/packages/1035128?format=json","purl":"pkg:deb/debian/varnish@1.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4fbk-5fwk-efbd"},{"vulnerability":"VCID-fgjt-z1kd-nbct"},{"vulnerability":"VCID-hery-ps62-9kf5"},{"vulnerability":"VCID-hpb7-1n1t-n3em"},{"vulnerability":"VCID-j1qj-kj7k-v7fx"},{"vulnerability":"VCID-mbcb-cn8g-zfgw"},{"vulnerability":"VCID-nrzf-yt7d-x7dh"},{"vulnerability":"VCID-ntj2-zryg-tubp"},{"vulnerability":"VCID-pww8-5fsd-1kcz"},{"vulnerability":"VCID-r7t1-a958-d7dg"},{"vulnerability":"VCID-rn5t-3pup-kbbv"},{"vulnerability":"VCID-tnwn-h2wc-q7c4"},{"vulnerability":"VCID-wm39-aehq-cyfb"},{"vulnerability":"VCID-z4zn-dpfs-j7cq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@1.1.2"}],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2936","reference_id":"","reference_type":"","scores":[{"value":"0.6839","scoring_system":"epss","scoring_elements":"0.98594","published_at":"2026-04-01T12:55:00Z"},{"value":"0.6839","scoring_system":"epss","scoring_elements":"0.98596","published_at":"2026-04-02T12:55:00Z"},{"value":"0.6839","scoring_system":"epss","scoring_elements":"0.98599","published_at":"2026-04-04T12:55:00Z"},{"value":"0.6839","scoring_system":"epss","scoring_elements":"0.98601","published_at":"2026-04-07T12:55:00Z"},{"value":"0.6839","scoring_system":"epss","scoring_elements":"0.98603","published_at":"2026-04-08T12:55:00Z"},{"value":"0.6839","scoring_system":"epss","scoring_elements":"0.98605","published_at":"2026-04-09T12:55:00Z"},{"value":"0.6839","scoring_system":"epss","scoring_elements":"0.98607","published_at":"2026-04-12T12:55:00Z"},{"value":"0.6839","scoring_system":"epss","scoring_elements":"0.98608","published_at":"2026-04-13T12:55:00Z"},{"value":"0.6839","scoring_system":"epss","scoring_elements":"0.98613","published_at":"2026-04-21T12:55:00Z"},{"value":"0.6839","scoring_system":"epss","scoring_elements":"0.98614","published_at":"2026-04-18T12:55:00Z"},{"value":"0.6839","scoring_system":"epss","scoring_elements":"0.98617","published_at":"2026-04-24T12:55:00Z"},{"value":"0.6839","scoring_system":"epss","scoring_elements":"0.98618","published_at":"2026-04-26T12:55:00Z"},{"value":"0.6839","scoring_system":"epss","scoring_elements":"0.9862","published_at":"2026-04-29T12:55:00Z"},{"value":"0.6839","scoring_system":"epss","scoring_elements":"0.98624","published_at":"2026-05-05T12:55:00Z"},{"value":"0.6839","scoring_system":"epss","scoring_elements":"0.98625","published_at":"2026-05-11T12:55:00Z"},{"value":"0.6839","scoring_system":"epss","scoring_elements":"0.98627","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2936"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2936","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2936"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/35581.rb","reference_id":"CVE-2009-2936;OSVDB-67670","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/35581.rb"}],"weaknesses":[],"exploits":[{"date_added":"2014-12-19","description":"Varnish Cache CLI Interface - Remote Code Execution (Metasploit)","required_action":null,"due_date":null,"notes":null,"known_ransomware_campaign_use":false,"source_date_published":"2014-12-19","exploit_type":"remote","platform":"linux","source_date_updated":"2014-12-19","data_source":"Exploit-DB","source_url":""},{"date_added":null,"description":"This module attempts to login to the Varnish Cache (varnishd) CLI instance using a bruteforce\n                           list of passwords.","required_action":null,"due_date":null,"notes":"{}\n","known_ransomware_campaign_use":false,"source_date_published":null,"exploit_type":null,"platform":"","source_date_updated":null,"data_source":"Metasploit","source_url":"https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/scanner/varnish/varnish_cli_login.rb"}],"severity_range_score":null,"exploitability":"2.0","weighted_severity":"0.6","risk_score":1.2,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nrzf-yt7d-x7dh"}