CVE-2017-12425
- EPSS 0.82%
- Veröffentlicht 04.08.2017 09:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert, rel...
CVE-2015-8852
- EPSS 1.09%
- Veröffentlicht 25.04.2016 14:59:01
- Zuletzt bearbeitet 12.04.2025 10:46:40
Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \r (carriage return) character in conjunction...
CVE-2013-0345
- EPSS 0.05%
- Veröffentlicht 08.05.2014 14:29:08
- Zuletzt bearbeitet 12.04.2025 10:46:40
varnish 3.0.3 uses world-readable permissions for the /var/log/varnish/ directory and the log files in the directory, which allows local users to obtain sensitive information by reading the files. NOTE: some of these details are obtained from third ...
- EPSS 1.46%
- Veröffentlicht 01.11.2013 02:55:04
- Zuletzt bearbeitet 11.04.2025 00:51:21
Varnish before 3.0.5 allows remote attackers to cause a denial of service (child-process crash and temporary caching outage) via a GET request with trailing whitespace characters and no URI.