Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP request.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
02 Aug 2022, 16:29
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:varnish-cache:varnish_cache:3.0.5:*:*:*:*:*:*:* cpe:2.3:a:varnish-cache:varnish_cache:3.0.0:beta1:*:*:*:*:*:* cpe:2.3:a:varnish-cache:varnish_cache:3.0.2:*:*:*:*:*:*:* cpe:2.3:a:varnish-cache:varnish_cache:3.0.4:*:*:*:*:*:*:* cpe:2.3:a:varnish-cache:varnish_cache:3.0.6:*:*:*:*:*:*:* cpe:2.3:a:varnish-cache:varnish_cache:3.0.1:*:*:*:*:*:*:* cpe:2.3:a:varnish-cache:varnish_cache:3.0.0:beta2:*:*:*:*:*:* |
cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.5:*:*:*:*:*:*:* cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.4:*:*:*:*:*:*:* cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.6:*:*:*:*:*:*:* cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.2:*:*:*:*:*:*:* cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.0:beta2:*:*:*:*:*:* cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.3:*:*:*:*:*:*:* cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.0:beta1:*:*:*:*:*:* cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.1:*:*:*:*:*:*:* |
21 Jun 2022, 17:00
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:varnish-cache:varnish:3.0.6:*:*:*:*:*:*:* cpe:2.3:a:varnish-cache:varnish:3.0.1:*:*:*:*:*:*:* cpe:2.3:a:varnish-cache:varnish:3.0.2:*:*:*:*:*:*:* cpe:2.3:a:varnish-cache:varnish:3.0.4:*:*:*:*:*:*:* cpe:2.3:a:varnish-cache:varnish:3.0.0:beta1:*:*:*:*:*:* cpe:2.3:a:varnish-cache:varnish:3.0.0:beta2:*:*:*:*:*:* cpe:2.3:a:varnish-cache:varnish:3.0.5:*:*:*:*:*:*:* |
cpe:2.3:a:varnish-cache:varnish_cache:3.0.3:*:*:*:*:*:*:* cpe:2.3:a:varnish-cache:varnish_cache:3.0.5:*:*:*:*:*:*:* cpe:2.3:a:varnish-cache:varnish_cache:3.0.0:beta1:*:*:*:*:*:* cpe:2.3:a:varnish-cache:varnish_cache:3.0.2:*:*:*:*:*:*:* cpe:2.3:a:varnish-cache:varnish_cache:3.0.4:*:*:*:*:*:*:* cpe:2.3:a:varnish-cache:varnish_cache:3.0.6:*:*:*:*:*:*:* cpe:2.3:a:varnish-cache:varnish_cache:3.0.1:*:*:*:*:*:*:* cpe:2.3:a:varnish-cache:varnish_cache:3.0.0:beta2:*:*:*:*:*:* |
Information
Published : 2016-04-25 14:59
Updated : 2024-02-04 18:53
NVD link : CVE-2015-8852
Mitre link : CVE-2015-8852
CVE.ORG link : CVE-2015-8852
JSON object : View
Products Affected
varnish_cache_project
- varnish_cache
debian
- debian_linux
CWE