Published: 01/11/2013 Updated: 02/08/2022

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Varnish prior to 3.0.5 allows remote malicious users to cause a denial of service (child-process crash and temporary caching outage) via a GET request with trailing whitespace characters and no URI.

Vulnerable Product	Search on Vulmon	Subscribe to Product
varnish-cache varnish 2.0.0
varnish cache project varnish cache 2.0.6
varnish cache project varnish cache 2.0.1
varnish cache project varnish cache 2.1.1
varnish cache project varnish cache 2.0.4
varnish cache project varnish cache 3.0.0
varnish cache project varnish cache 2.1.2
varnish cache project varnish cache 2.1.0
varnish cache project varnish cache 2.0.3
varnish cache project varnish cache 2.1.5
varnish cache project varnish cache 2.0.5
varnish cache project varnish cache 3.0.2
varnish cache project varnish cache 3.0.1
varnish cache project varnish cache
varnish cache project varnish cache 3.0.3
varnish cache project varnish cache 2.1.4
varnish cache project varnish cache 2.1.3
varnish cache project varnish cache 2.0.2

Debian Bug report logs - #728989 varnish: CVE-2013-4484 Package: varnish; Maintainer for varnish is Varnish Package Maintainers <team+varnish-team@trackerdebianorg>; Source for varnish is src:varnish (PTS, buildd, popcon) Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 7 Nov 2013 16:18:02 UTC Sev ...

A denial of service vulnerability was reported in varnish, a state of the art, high-performance web accelerator With some configurations of varnish a remote attacker could mount a denial of service (child-process crash and temporary caching outage) via a GET request with trailing whitespace characters and no URI For the oldstable distribution (sq ...

Varnish before 305 allows remote attackers to cause a denial of service (child-process crash and temporary caching outage) via a GET request with trailing whitespace characters and no URI varnish 303 uses world-readable permissions for the /var/log/varnish/ directory and the log files in the directory, which allows local users to obtain sensit ...

If Varnish receives a certain illegal request, and the subroutine 'vcl_error{}' restarts the request, the varnishd worker process will crash with an assert The varnishd management process will restart the worker process, but there will be a brief interruption of service and the cache will be emptied, causing more traffic to go to the backend Vers ...

CWE-119 https://www.varnish-cache.org/trac/ticket/1367 http://lists.opensuse.org/opensuse-updates/2013-11/msg00029.html http://lists.opensuse.org/opensuse-updates/2013-11/msg00033.html http://secunia.com/advisories/55452 http://www.debian.org/security/2012/dsa-2814 http://www.openwall.com/lists/oss-security/2013/10/30/5 http://secunia.com/advisories/55746 http://archives.neohapsis.com/archives/bugtraq/2013-10/0158.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728989 https://nvd.nist.gov https://www.debian.org/security/./dsa-2814

CVE-2013-4484

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect