
CVE-2015-8852 – Debian Security Advisory 3553-1
https://notcve.org/view.php?id=CVE-2015-8852
22 Apr 2016 — Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP request. • http://lists.opensuse.org/opensuse-updates/2016-05/msg00064.html •

CVE-2013-0345 – Gentoo Linux Security Advisory 201412-30
https://notcve.org/view.php?id=CVE-2013-0345
08 May 2014 — varnish 3.0.3 uses world-readable permissions for the /var/log/varnish/ directory and the log files in the directory, which allows local users to obtain sensitive information by reading the files. NOTE: some of these details are obtained from third party information. • http://www.openwall.com/lists/oss-security/2013/02/22/14 • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2013-4484 – Varnish Cache Denial of Service
https://notcve.org/view.php?id=CVE-2013-4484
31 Oct 2013 — Varnish before 3.0.5 allows remote attackers to cause a denial of service (child-process crash and temporary caching outage) via a GET request with trailing whitespace characters and no URI. If Varnish receives a certain illegal request, and the subroutine 'vcl_error{}' restarts the... • https://packetstorm.news/files/id/123867 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •