Varnish.Projects.Linpro Varnish vulnerabilities

CVE-2009-2936 [HIGH] CWE-287 CVE-2009-2936: The Command Line Interface (aka Server CLI or administration interface) in the master process in the The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline directive that provides a VCL configuration file containin

CVE-2009-4488 [CRITICAL] CWE-20 CVE-2009-4488: Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might all Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. NOTE: the vendor disputes the significance of this report, stating tha