Lucene search
AmazonALAS-2014-276HistoryJan 14, 2014 - 4:09 p.m.
Medium: varnish
2014-01-1416:09:00
alas.aws.amazon.com
14
0.039 Low
EPSS
Percentile
92.0%
Issue Overview:
Varnish before 3.0.5 allows remote attackers to cause a denial of service (child-process crash and temporary caching outage) via a GET request with trailing whitespace characters and no URI.
varnish 3.0.3 uses world-readable permissions for the /var/log/varnish/ directory and the log files in the directory, which allows local users to obtain sensitive information by reading the files. NOTE: some of these details are obtained from third party information.
Affected Packages:
varnish
Issue Correction:
Run yum update varnish to update your system.
New Packages:
i686:
varnish-debuginfo-3.0.5-1.14.amzn1.i686
varnish-docs-3.0.5-1.14.amzn1.i686
varnish-libs-devel-3.0.5-1.14.amzn1.i686
varnish-libs-3.0.5-1.14.amzn1.i686
varnish-3.0.5-1.14.amzn1.i686
src:
varnish-3.0.5-1.14.amzn1.src
x86_64:
varnish-libs-devel-3.0.5-1.14.amzn1.x86_64
varnish-libs-3.0.5-1.14.amzn1.x86_64
varnish-3.0.5-1.14.amzn1.x86_64
varnish-docs-3.0.5-1.14.amzn1.x86_64
varnish-debuginfo-3.0.5-1.14.amzn1.x86_64
Additional References
Red Hat: CVE-2013-0345, CVE-2013-4484
Mitre: CVE-2013-0345, CVE-2013-4484
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | i686 | varnish-debuginfo | < 3.0.5-1.14.amzn1 | varnish-debuginfo-3.0.5-1.14.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | varnish-docs | < 3.0.5-1.14.amzn1 | varnish-docs-3.0.5-1.14.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | varnish-libs-devel | < 3.0.5-1.14.amzn1 | varnish-libs-devel-3.0.5-1.14.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | varnish-libs | < 3.0.5-1.14.amzn1 | varnish-libs-3.0.5-1.14.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | varnish | < 3.0.5-1.14.amzn1 | varnish-3.0.5-1.14.amzn1.i686.rpm |
| Amazon Linux | 1 | x86_64 | varnish-libs-devel | < 3.0.5-1.14.amzn1 | varnish-libs-devel-3.0.5-1.14.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | varnish-libs | < 3.0.5-1.14.amzn1 | varnish-libs-3.0.5-1.14.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | varnish | < 3.0.5-1.14.amzn1 | varnish-3.0.5-1.14.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | varnish-docs | < 3.0.5-1.14.amzn1 | varnish-docs-3.0.5-1.14.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | varnish-debuginfo | < 3.0.5-1.14.amzn1 | varnish-debuginfo-3.0.5-1.14.amzn1.x86_64.rpm |
Related
nessus
nessus
Fedora 20 : varnish-3.0.5-1.fc20 (2013-24018)
2014-05-06 00:00:00
Amazon Linux AMI : varnish (ALAS-2014-276)
2014-02-05 00:00:00
Fedora 19 : varnish-3.0.5-1.fc19 (2013-24023)
2014-05-06 00:00:00
openvas
openvas
Fedora Update for varnish FEDORA-2013-24023
2014-05-12 00:00:00
Fedora Update for varnish FEDORA-2013-24018
2014-05-12 00:00:00
Fedora Update for varnish FEDORA-2013-24018
2014-05-12 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: varnish-3.0.5-1.fc19
2014-05-06 03:30:29
[SECURITY] Fedora 20 Update: varnish-3.0.5-1.fc20
2014-05-06 03:41:15
gentoo
gentoo
Varnish: Multiple vulnerabilities
2014-12-15 00:00:00
cve
cve
CVE-2013-0345
2014-05-08 14:29:00
CVE-2013-4484
2013-11-01 02:55:00
debiancve
debiancve
CVE-2013-0345
2014-05-08 14:29:00
CVE-2013-4484
2013-11-01 02:55:00
prion
prion
Information disclosure
2014-05-08 14:29:00
Design/Logic Flaw
2013-11-01 02:55:00
cvelist
cvelist
CVE-2013-0345
2014-05-08 14:00:00
CVE-2013-4484
2013-11-01 01:00:00
ubuntucve
ubuntucve
CVE-2013-0345
2014-05-08 00:00:00
CVE-2013-4484
2013-11-01 00:00:00
securityvulns
securityvulns
Varnish HTTP cache DoS
2013-11-05 00:00:00
[CVE-2013-4484] DoS vulnerability in Varnish HTTP cache
2013-11-05 00:00:00
packetstorm
packetstorm
Varnish Cache Denial Of Service
2013-10-31 00:00:00
mageia
mageia
Updated varnish packages fix CVE-2013-4484 and correct service behaviour
2014-02-13 23:44:30
freebsd
freebsd
varnish -- DoS vulnerability in Varnish HTTP cache
2013-10-30 00:00:00
zdt
zdt
Varnish Cache server Denial Of Service
2013-11-01 00:00:00
debian
debian
[SECURITY] [DSA 2814-1] varnish security update
2013-12-09 17:14:03
[SECURITY] [DSA 2814-1] varnish security update
2013-12-09 17:13:43