Download
| Alert*
oval:org.secpod.oval:def:602478
Régis Leroy from Makina Corpus discovered that varnish, a caching HTTP reverse proxy, is vulnerable to HTTP smuggling issues, potentially resulting in cache poisoning or bypassing of access control policies. oval:org.secpod.oval:def:1600424 Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \r character in conjunction with multiple Content-Length headers in an HTTP request |