Download
| Alert*
oval:org.secpod.oval:def:602478
Régis Leroy from Makina Corpus discovered that varnish, a caching HTTP reverse proxy, is vulnerable to HTTP smuggling issues, potentially resulting in cache poisoning or bypassing of access control policies. oval:org.secpod.oval:def:1600424 Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \r character in conjunction with multiple Content-Length headers in an HTTP request oval:org.secpod.oval:def:601166 A denial of service vulnerability was reported in varnish, a state of the art, high-performance web accelerator. With some configurations of varnish a remote attacker could mount a denial of service via a GET request with trailing whitespace characters and no URI. oval:org.secpod.oval:def:1600064 Varnish before 3.0.5 allows remote attackers to cause a denial of service via a GET request with trailing whitespace characters and no URI.varnish 3.0.3 uses world-readable permissions for the /var/log/varnish/ directory and the log files in the directory, which allows local users to obtain sensiti ... oval:org.secpod.oval:def:106964 This is Varnish Cache, a high-performance HTTP accelerator oval:org.secpod.oval:def:106968 This is Varnish Cache, a high-performance HTTP accelerator |