6 matches found
Amazon Linux: Security Advisory (ALAS-2016-721)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Important: varnish
Issue Overview: Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \r carriage return character in conjunction with multiple Content-Length...
openSUSE Security Update : varnish (openSUSE-2016-588)
This varnish update to version 3.0.7 fixes the following issues : Security issues fixed : - CVE-2015-8852: Vulnerable to HTTP Smuggling issues: Double Content Length and bad EOL. boo976097 Bugs fixed : - Stop recognizing a single CR \r as a HTTP line separator. - Improved error detection on...
Mageia: Security Advisory (MGASA-2016-0150)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2015-8852
Varnish 3.x before 3.0.7 is vulnerable to HTTP header injection/response smuggling due to a header line terminated by a CR in combination with multiple Content-Length headers. Exploitation could enable HTTP response splitting and related impacts. Remediation: upgrade to Varnish 3.0.7 or newer (as...
[SECURITY] [DSA 3553-1] varnish security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3553-1 [email protected] https://www.debian.org/security/ Sebastien Delafond April 22, 2016 https://www.debian.org/security/faq -...