CVE-2015-8852 — HTTP Request/Response Splitting in Cache Project Varnish Cache

CWE-113 — HTTP Request/Response Splitting10 documents8 sources

Severity

7.5HIGHNVD

EPSS

1.1%

top 22.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Varnish-cache Varnish Debian Linux Varnish Cache Project Varnish Cache

Timeline

PublishedApr 25

Latest updateMay 17

Description

Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP request.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶Debianvarnish-cache/varnish< 4.0.0-1+3

▶NVDvarnish_cache_project/varnish_cache7 versions+6

Also affects: Debian Linux 7.0

🔴Vulnerability Details

GHSA

GHSA-rgw4-jfff-qx3m: Varnish 3↗2022-05-17

▶

OSV

CVE-2015-8852: Varnish 3↗2016-04-25

▶

CVEList

CVE-2015-8852: Varnish 3↗2016-04-25

▶

📋Vendor Advisories

Red Hat

varnish: http smuggling issues↗2015-03-12

▶

Debian

CVE-2015-8852: varnish - Varnish 3.x before 3.0.7, when used in certain stacked installations, allows rem...↗2015

▶

💬Community

HackerOne

Multiple HTTP Smuggling reports↗2019-11-12

▶

Bugzilla

CVE-2015-8852 varnish: http smuggling issues↗2016-04-19

▶

Bugzilla

CVE-2015-8852 varnish: http smuggling issues [epel-5]↗2016-04-19

▶

Bugzilla

CVE-2015-8852 varnish: http smuggling issues [epel-6]↗2016-04-19

▶