CVE-2015-8852

moderate-risk

Published 2016-04-25

Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP request.

Do I need to act?

1.1% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (9)

Varnish Cache

Debian Linux

Varnish Cache

Affected Vendors

Varnish Cache Project Debian

References (16)

http://lists.opensuse.org/opensuse-updates/2016-05/msg00064.html

http://www.debian.org/security/2016/dsa-3553

http://www.openwall.com/lists/oss-security/2016/04/16/1

http://www.openwall.com/lists/oss-security/2016/04/18/7

https://github.com/varnish/Varnish-Cache/commit/29870c8fe95e4e8a672f6f28c5fbe692...

https://github.com/varnish/Varnish-Cache/commit/85e8468bec9416bd7e16b0d80cb820ec...

https://security.gentoo.org/glsa/201607-10

Vendor Advisory https://www.varnish-cache.org/lists/pipermail/varnish-announce/2015-March/000701...

http://lists.opensuse.org/opensuse-updates/2016-05/msg00064.html

http://www.debian.org/security/2016/dsa-3553

http://www.openwall.com/lists/oss-security/2016/04/16/1

http://www.openwall.com/lists/oss-security/2016/04/18/7

https://github.com/varnish/Varnish-Cache/commit/29870c8fe95e4e8a672f6f28c5fbe692...

https://github.com/varnish/Varnish-Cache/commit/85e8468bec9416bd7e16b0d80cb820ec...

https://security.gentoo.org/glsa/201607-10

Vendor Advisory https://www.varnish-cache.org/lists/pipermail/varnish-announce/2015-March/000701...

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 3/34 · Minimal

Exposure 15/34 · Moderate