Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP request.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2016-04-25T14:00:00

Updated: 2024-08-06T08:29:22.025Z

Reserved: 2016-04-18T00:00:00

Link: CVE-2015-8852

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2016-04-25T14:59:01.250

Modified: 2022-08-02T16:29:08.037

Link: CVE-2015-8852

cve-icon Redhat

Severity : Important

Publid Date: 2015-03-12T00:00:00Z

Links: CVE-2015-8852 - Bugzilla