CVE-2013-4484

Varnish Cache Denial Of Service

Severity Score

5.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Varnish before 3.0.5 allows remote attackers to cause a denial of service (child-process crash and temporary caching outage) via a GET request with trailing whitespace characters and no URI.

Vulnerablilidad en Varnish antes de 3.0.5 permite a atacantes remotos provocar una denegación de servicio (caída del proceso hijo y corte de caché temporal) a través de una solicitud GET con espacios en blanco finales y sin URI.

If Varnish receives a certain illegal request, and the subroutine 'vcl_error{}' restarts the request, the varnishd worker process will crash with an assert. The varnishd management process will restart the worker process, but there will be a brief interruption of service and the cache will be emptied, causing more traffic to go to the backend. Versions 2.0.x, 2.1.x, and 3.0.x are affected.

*Credits: N/A

CVSS Scores

NISTv2 5.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-06-12 CVE Reserved
2013-10-31 CVE Published
2024-07-19 EPSS Updated
2024-08-06 CVE Updated
2024-08-06 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (8)

URL	Tag	Source
http://archives.neohapsis.com/archives/bugtraq/2013-10/0158.html	Mailing List
http://secunia.com/advisories/55452	Third Party Advisory
http://secunia.com/advisories/55746	Third Party Advisory
http://www.openwall.com/lists/oss-security/2013/10/30/5	Mailing List

URL	Date	SRC
https://www.varnish-cache.org/trac/ticket/1367	2024-08-06

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-updates/2013-11/msg00029.html	2022-08-02
http://lists.opensuse.org/opensuse-updates/2013-11/msg00033.html	2022-08-02
http://www.debian.org/security/2012/dsa-2814	2022-08-02

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Varnish-cache Search vendor "Varnish-cache"		Varnish Search vendor "Varnish-cache" for product "Varnish"				2.0.0 Search vendor "Varnish-cache" for product "Varnish" and version "2.0.0"		-		Affected
Varnish Cache Project Search vendor "Varnish Cache Project"		Varnish Cache Search vendor "Varnish Cache Project" for product "Varnish Cache"				<= 3.0.4 Search vendor "Varnish Cache Project" for product "Varnish Cache" and version " <= 3.0.4"		-		Affected
Varnish Cache Project Search vendor "Varnish Cache Project"		Varnish Cache Search vendor "Varnish Cache Project" for product "Varnish Cache"				2.0.1 Search vendor "Varnish Cache Project" for product "Varnish Cache" and version "2.0.1"		-		Affected
Varnish Cache Project Search vendor "Varnish Cache Project"		Varnish Cache Search vendor "Varnish Cache Project" for product "Varnish Cache"				2.0.2 Search vendor "Varnish Cache Project" for product "Varnish Cache" and version "2.0.2"		-		Affected
Varnish Cache Project Search vendor "Varnish Cache Project"		Varnish Cache Search vendor "Varnish Cache Project" for product "Varnish Cache"				2.0.3 Search vendor "Varnish Cache Project" for product "Varnish Cache" and version "2.0.3"		-		Affected
Varnish Cache Project Search vendor "Varnish Cache Project"		Varnish Cache Search vendor "Varnish Cache Project" for product "Varnish Cache"				2.0.4 Search vendor "Varnish Cache Project" for product "Varnish Cache" and version "2.0.4"		-		Affected
Varnish Cache Project Search vendor "Varnish Cache Project"		Varnish Cache Search vendor "Varnish Cache Project" for product "Varnish Cache"				2.0.5 Search vendor "Varnish Cache Project" for product "Varnish Cache" and version "2.0.5"		-		Affected
Varnish Cache Project Search vendor "Varnish Cache Project"		Varnish Cache Search vendor "Varnish Cache Project" for product "Varnish Cache"				2.0.6 Search vendor "Varnish Cache Project" for product "Varnish Cache" and version "2.0.6"		-		Affected
Varnish Cache Project Search vendor "Varnish Cache Project"		Varnish Cache Search vendor "Varnish Cache Project" for product "Varnish Cache"				2.1.0 Search vendor "Varnish Cache Project" for product "Varnish Cache" and version "2.1.0"		-		Affected
Varnish Cache Project Search vendor "Varnish Cache Project"		Varnish Cache Search vendor "Varnish Cache Project" for product "Varnish Cache"				2.1.1 Search vendor "Varnish Cache Project" for product "Varnish Cache" and version "2.1.1"		-		Affected
Varnish Cache Project Search vendor "Varnish Cache Project"		Varnish Cache Search vendor "Varnish Cache Project" for product "Varnish Cache"				2.1.2 Search vendor "Varnish Cache Project" for product "Varnish Cache" and version "2.1.2"		-		Affected
Varnish Cache Project Search vendor "Varnish Cache Project"		Varnish Cache Search vendor "Varnish Cache Project" for product "Varnish Cache"				2.1.3 Search vendor "Varnish Cache Project" for product "Varnish Cache" and version "2.1.3"		-		Affected
Varnish Cache Project Search vendor "Varnish Cache Project"		Varnish Cache Search vendor "Varnish Cache Project" for product "Varnish Cache"				2.1.4 Search vendor "Varnish Cache Project" for product "Varnish Cache" and version "2.1.4"		-		Affected
Varnish Cache Project Search vendor "Varnish Cache Project"		Varnish Cache Search vendor "Varnish Cache Project" for product "Varnish Cache"				2.1.5 Search vendor "Varnish Cache Project" for product "Varnish Cache" and version "2.1.5"		-		Affected
Varnish Cache Project Search vendor "Varnish Cache Project"		Varnish Cache Search vendor "Varnish Cache Project" for product "Varnish Cache"				3.0.0 Search vendor "Varnish Cache Project" for product "Varnish Cache" and version "3.0.0"		-		Affected
Varnish Cache Project Search vendor "Varnish Cache Project"		Varnish Cache Search vendor "Varnish Cache Project" for product "Varnish Cache"				3.0.0 Search vendor "Varnish Cache Project" for product "Varnish Cache" and version "3.0.0"		beta1		Affected
Varnish Cache Project Search vendor "Varnish Cache Project"		Varnish Cache Search vendor "Varnish Cache Project" for product "Varnish Cache"				3.0.0 Search vendor "Varnish Cache Project" for product "Varnish Cache" and version "3.0.0"		beta2		Affected
Varnish Cache Project Search vendor "Varnish Cache Project"		Varnish Cache Search vendor "Varnish Cache Project" for product "Varnish Cache"				3.0.1 Search vendor "Varnish Cache Project" for product "Varnish Cache" and version "3.0.1"		-		Affected
Varnish Cache Project Search vendor "Varnish Cache Project"		Varnish Cache Search vendor "Varnish Cache Project" for product "Varnish Cache"				3.0.2 Search vendor "Varnish Cache Project" for product "Varnish Cache" and version "3.0.2"		-		Affected
Varnish Cache Project Search vendor "Varnish Cache Project"		Varnish Cache Search vendor "Varnish Cache Project" for product "Varnish Cache"				3.0.3 Search vendor "Varnish Cache Project" for product "Varnish Cache" and version "3.0.3"		-		Affected