Varnish Header Injection and HTTP Response Splitting Vulnerability Fixed by 3.0.7


Description   (:A vulnerability was reported in Varnish.:A remote attacker could exploit it by injecting HTTP request with a header line terminated by a '
' (carriage return) in order to perform HTTP splitting attacks.::No further information is available.)
     
Vulnerable Products   Vulnerable OS:
GNU/Linux (Debian) - 7openSUSE (SUSE) - 13.2Vulnerable Software:
Varnish Cache (Varnish) - 3, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6
     
Solution   Fixed varnish packages for openSUSE 13.2 are available.
     
CVE   CVE-2015-8852
     
References   - oss-sec: CVE request: Varnish 3 before 3.0.7 was vulnerable to HTTP Smuggling issues: Double Content Length and bad EOL
http://seclists.org/oss-sec/2016/q2/81
- DSA 3553-1 : varnish security update
https://lists.debian.org/debian-security-announce/2016/msg00130.html
- openSUSE-SU-2016:1316-1 : Security update for varnish
https://lists.opensuse.org/opensuse-updates/2016-05/msg00064.html
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
HTTP Response Splitting : suspicious Content-Length in URL
3.2.0
HTTP Response Splitting : suspicious HTTP/1.x in URL
3.2.0
HTTP Response Splitting : suspicious Set-Cookie in URL
3.2.0
Invalid HTTP protocol
3.2.0
HTTP Response Splitting : suspicious Content-Type in URL
3.5.0
     


 
 
 
 
 Risk level 
Low 

 Vulnerability First Public Report Date 
2016-04-16 

 Target Type 
Server 

 Possible exploit 
Remote