CVE-2013-4484
published 2013-11-01
Priority P4·21·medium·5·CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 3.02% (85.8th percentile)
Varnish before 3.0.5 allows remote attackers to cause a denial of service (child-process crash and temporary caching outage) via a GET request with trailing whitespace characters and no URI.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | varnish | < varnish 3.0.5-1 (bookworm) | varnish 3.0.5-1 (bookworm) |
| varnish-cache | varnish | — | — |
| varnish-cache | varnish | >= 0 < 3.0.5-1 | 3.0.5-1 |
| varnish-cache | varnish | >= 0 < 3.0.5-1 | 3.0.5-1 |
| varnish-cache | varnish | >= 0 < 3.0.5-1 | 3.0.5-1 |
| varnish-cache | varnish | >= 0 < 3.0.5-1 | 3.0.5-1 |
| varnish_cache_project | varnish_cache | <= 3.0.4 | — |
| varnish_cache_project | varnish_cache | — | — |
| varnish_cache_project | varnish_cache | — | — |
| varnish_cache_project | varnish_cache | — | — |
| varnish_cache_project | varnish_cache | — | — |
| varnish_cache_project | varnish_cache | — | — |
| varnish_cache_project | varnish_cache | — | — |
| varnish_cache_project | varnish_cache | — | — |
| varnish_cache_project | varnish_cache | — | — |
| varnish_cache_project | varnish_cache | — | — |
| varnish_cache_project | varnish_cache | — | — |
| varnish_cache_project | varnish_cache | — | — |
| varnish_cache_project | varnish_cache | — | — |
| varnish_cache_project | varnish_cache | — | — |
| varnish_cache_project | varnish_cache | — | — |
| varnish_cache_project | varnish_cache | — | — |
| varnish_cache_project | varnish_cache | — | — |
CVSS provenance
nvd·v2.0·5.0·MEDIUM·AV:N/AC:L/Au:N/C:N/I:N/A:P
osv·5.0·MEDIUM
vendor_debian·5.0·MEDIUM
GHSA
GHSA-p7mm-48cj-8hqw: Varnish before 3
ghsa_unreviewed·2022-05-17
CVE-2013-4484 [MEDIUM] CWE-119 GHSA-p7mm-48cj-8hqw: Varnish before 3
OSV
CVE-2013-4484: Varnish before 3
osv·2013-11-01·CVSS 5.0
CVE-2013-4484 [MEDIUM] CVE-2013-4484: Varnish before 3
Debian
CVE-2013-4484: varnish - Varnish before 3.0.5 allows remote attackers to cause a denial of service (child...
vendor_debian·2013·CVSS 5.0
CVE-2013-4484 [MEDIUM] CVE-2013-4484: varnish - Varnish before 3.0.5 allows remote attackers to cause a denial of service (child...
Scope: local
bookworm: resolved (fixed in 3.0.5-1)
bullseye: resolved (fixed in 3.0.5-1)
forky: resolved (fixed in 3.0.5-1)
sid: resolved (fixed in 3.0.5-1)
trixie: resolved (fixed in 3.0.5-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2013-4484 varnish: denial of service handling certain GET requests [fedora-all]
bugzilla·2013-10-31·CVSS 5.0
CVE-2013-4484 [MEDIUM] CVE-2013-4484 varnish: denial of service handling certain GET requests [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this iss
Bugzilla
CVE-2013-4484 varnish: denial of service handling certain GET requests [epel-all]
bugzilla·2013-10-31·CVSS 5.0
CVE-2013-4484 [MEDIUM] CVE-2013-4484 varnish: denial of service handling certain GET requests [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this
Bugzilla
CVE-2013-4484 varnish: denial of service handling certain GET requests
bugzilla·2013-10-31·CVSS 5.0
CVE-2013-4484 [MEDIUM] CVE-2013-4484 varnish: denial of service handling certain GET requests
Varnish Cache is a high-performance HTTP accelerator. A denial of service flaw was found in the way Varnish Cache handled certain GET requests when using certain configurations. A remote attacker could use this flaw to crash a worker process.
References:
https://www.varnish-cache.org/trac/ticket/1367
https://www.varnish-cache.org/trac/changeset/4bd5b7991bf602a6c46dd0d65fc04d4b8d9667a6
https://www.varnish-cache.org/trac/changeset/9c9a9904bdb56b62017f338baf9c8e906b88dcac
Discussion:
Created varnish tracking bugs for this issue:
Affects: fedora-all [bug 1025128]
Affects: epel-all [bug 1025129]
---
I was not familiar enough with varnish to reproduce this issue, but the Fedora and EPEL packages are missing the commit fr
http://archives.neohapsis.com/archives/bugtraq/2013-10/0158.html
http://lists.opensuse.org/opensuse-updates/2013-11/msg00029.html
http://lists.opensuse.org/opensuse-updates/2013-11/msg00033.html
http://secunia.com/advisories/55452
http://secunia.com/advisories/55746
http://www.debian.org/security/2012/dsa-2814
http://www.openwall.com/lists/oss-security/2013/10/30/5
https://www.varnish-cache.org/trac/ticket/1367