CVE-2015-8852
Last modified
CVE-2015-8852 is a vulnerability of currently unknown severity. Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP request.. EPSS estimates a 3.43% chance of exploitation in the next 30 days.
Description
Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP request.
Metrics
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Varnish Cache Project | Varnish Cache | 3.0.0 | Beta1 |
| Varnish Cache Project | Varnish Cache | 3.0.1 | — |
| Varnish Cache Project | Varnish Cache | 3.0.2 | — |
| Varnish Cache Project | Varnish Cache | 3.0.3 | — |
| Varnish Cache Project | Varnish Cache | 3.0.4 | — |
| Varnish Cache Project | Varnish Cache | 3.0.5 | — |
| Varnish Cache Project | Varnish Cache | 3.0.6 | — |
| Debian | Debian Linux | 7.0 | — |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2015-8852?
How severe is CVE-2015-8852?
How do I fix CVE-2015-8852?
Are you affected by CVE-2015-8852?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST