Varnish prior to 3.0.5 allows remote malicious users to cause a denial of service (child-process crash and temporary caching outage) via a GET request with trailing whitespace characters and no URI. varnish 3.0.3 uses world-readable permissions for the /var/log/varnish/ directory and the log files in the directory, which allows local users to obtain sensitive information by reading the files. NOTE: some of these details are obtained from third party information.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
varnish cache project varnish cache 3.0.3 |