CVE-2015-8852

Severity

50%

Complexity

99%

Confidentiality

48%

CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')

Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP request.

CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')

CVSS 3.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N).

Overview

First reported 8 years ago

2016-04-25 14:59:00

Last updated 8 years ago

2016-12-01 03:01:00

Affected Software

Varnish-Cache Varnish 3.0.0 Beta 1

3.0.0

Varnish-Cache Varnish 3.0.0 Beta 2

3.0.0

Varnish-Cache Varnish 3.0.1

3.0.1

Varnish-Cache Varnish 3.0.2

3.0.2

Varnish-Cache Varnish 3.0.3

3.0.3

Varnish-Cache Varnish 3.0.4

3.0.4

Varnish Cache Varnish 3.0.5

3.0.5

Varnish Cache Varnish 3.0.6

3.0.6

Debian Linux 7.0

7.0

References

openSUSE-SU-2016:1316

DSA-3553

[oss-security] 20160416 CVE request: Varnish 3 before 3.0.7 was vulnerable to HTTP Smuggling issues: Double Content Length and bad EOL

[oss-security] 20160418 Re: CVE request: Varnish 3 before 3.0.7 was vulnerable to HTTP Smuggling issues: Double Content Length and bad EOL

https://github.com/varnish/Varnish-Cache/commit/29870c8fe95e4e8a672f6f28c5fbe692bea09e9c

https://github.com/varnish/Varnish-Cache/commit/85e8468bec9416bd7e16b0d80cb820ecd2b330c3

GLSA-201607-10

[varnish-announce] 20150323 Varnish 3.0.7 released.

Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.