Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP request.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Varnish_cache | Varnish_cache_project | 3.0.0 | 3.0.0 |
Varnish_cache | Varnish_cache_project | 3.0.6 | 3.0.6 |
Varnish_cache | Varnish_cache_project | 3.0.0 | 3.0.0 |
Varnish_cache | Varnish_cache_project | 3.0.5 | 3.0.5 |
Varnish_cache | Varnish_cache_project | 3.0.2 | 3.0.2 |
Varnish_cache | Varnish_cache_project | 3.0.4 | 3.0.4 |
Varnish_cache | Varnish_cache_project | 3.0.3 | 3.0.3 |
Varnish_cache | Varnish_cache_project | 3.0.1 | 3.0.1 |