Varnish Cache Multiple Remote Denial of Service Vulnerabilities
BID:58315
Info
| Bugtraq ID: | 58315 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 05 2013 12:00AM |
| Updated: | Mar 05 2013 12:00AM |
| Credit: | tytusromekiatomek |
| Vulnerable: | Varnish Varnish Cache 3.0.3, Varnish Varnish Cache 2.1.5 |
| Not Vulnerable: | |
Discussion
Varnish Cache is prone to multiple remote denial-of-service vulnerabilities.
An attacker can exploit these issues to crash the application, effectively denying service to legitimate users.
Varnish Cache version 2.1.5 and version 3.0.3 are vulnerable; other versions may also be affected.
Exploit / POC
Attackers can exploit these issues using a browser or readily available tools.
Solution / Fix
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- Varnish 2.1.5, 3.0.3 DoS in http_GetHdr() while parsing Vary header (SECLISTS)
- Varnish 2.1.5, 3.0.3 DoS in VRY_Create() while parsing Vary header (SECLISTS)
- Varnish Cache Homepage (Varnish Software)