CVE Vulnerabilities

CVE-2015-8852

Published: Apr 25, 2016 | Modified: Aug 02, 2022
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP request.

Affected Software

Name Vendor Start Version End Version
Varnish_cache Varnish_cache_project 3.0.0 3.0.0
Varnish_cache Varnish_cache_project 3.0.6 3.0.6
Varnish_cache Varnish_cache_project 3.0.0 3.0.0
Varnish_cache Varnish_cache_project 3.0.5 3.0.5
Varnish_cache Varnish_cache_project 3.0.2 3.0.2
Varnish_cache Varnish_cache_project 3.0.4 3.0.4
Varnish_cache Varnish_cache_project 3.0.3 3.0.3
Varnish_cache Varnish_cache_project 3.0.1 3.0.1

References