[v2.5] CVE-2013-4484: varnish: denial of service
Varnish before 3.0.5 allows remote attackers to cause a denial of service (child-process crash and temporary caching outage) via a GET request with trailing whitespace characters and no URI.
•BUGTRAQ:20131030 [CVE-2013-4484] DoS vulnerability in Varnish HTTP
cache
•URL:http://archives.neohapsis.com/archives/bugtraq/current/0158.html
•CONFIRM:https://www.varnish-cache.org/trac/ticket/1367
•SUSE:openSUSE-SU-2013:1679
•URL:http://lists.opensuse.org/opensuse-updates/2013-11/msg00029.html
•SUSE:openSUSE-SU-2013:1683
•URL:http://lists.opensuse.org/opensuse-updates/2013-11/msg00033.html
(from redmine: issue id 2489, created on 2013-12-13, closed on 2013-12-14)
- Relations:
- parent #2488 (closed)
- Changesets:
- Revision 56a949b0 by Natanael Copa on 2013-12-13T16:05:02Z:
main/varnish: security upgrade to 3.0.5 (CVE-2013-4484)
fixes #2489