Varnish: Multiple vulnerabilities — GLSA 201607-10

Improper input validation in Varnish allows remote attackers to conduct HTTP smuggling attacks, and possibly trigger a buffer overflow.

Affected packages

www-servers/varnish on all architectures
Affected versions < 3.0.7
Unaffected versions >= 3.0.7

Background

Varnish is a web application accelerator.

Description

Varnish fails to properly validate input from HTTP headers, and does not deny requests with multiple Content-Length headers.

Impact

Remote attackers could conduct an HTTP response splitting attack, which may further enable them to conduct Cross-Site Scripting (XSS), Cache Poisoning, Defacement, and Page Hijacking.

Workaround

There is no known workaround at this time.

Resolution

All Varnish users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-servers/varnish-3.0.7"
 

References

Release date
July 20, 2016

Latest revision
July 20, 2016: 1

Severity
normal

Exploitable
remote

Bugzilla entries