Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2015-8852

Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP request. (CVE-2015-8852)

Source

ALAS-2016-721

Amazon Linux AMI Security Advisory: ALAS-2016-721
Advisory Release Date: 2016-07-14 16:30 Pacific
Advisory Updated Date: 2016-07-14 16:30 Pacific

Severity: Important

References: CVE-2015-8852

Issue Overview:

Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP request. (CVE-2015-8852)

Affected Packages:

varnish

Issue Correction:
Run yum update varnish to update your system.

New Packages:

i686:
    varnish-debuginfo-3.0.7-1.20.amzn1.i686
    varnish-libs-3.0.7-1.20.amzn1.i686
    varnish-3.0.7-1.20.amzn1.i686
    varnish-libs-devel-3.0.7-1.20.amzn1.i686
    varnish-docs-3.0.7-1.20.amzn1.i686

src:
    varnish-3.0.7-1.20.amzn1.src

x86_64:
    varnish-libs-devel-3.0.7-1.20.amzn1.x86_64
    varnish-libs-3.0.7-1.20.amzn1.x86_64
    varnish-3.0.7-1.20.amzn1.x86_64
    varnish-docs-3.0.7-1.20.amzn1.x86_64
    varnish-debuginfo-3.0.7-1.20.amzn1.x86_64

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

ALAS-2016-721

ALAS-2016-721

Vulmon Search

About

Products

Connect