CVE-2015-8852 - OpenCVE

Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP request.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Debian	Debian Linux
Varnish Cache Project	Varnish Cache

Configuration 1 [-]

OR	cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.0:beta1::::::
	cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.0:beta2::::::
	cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.1:::::::*
	cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.2:::::::*
	cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.3:::::::*
	cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.4:::::::*
	cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.5:::::::*
	cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.6:::::::*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

References

Link	Resource
http://lists.opensuse.org/opensuse-updates/2016-05/msg00064.html
http://www.debian.org/security/2016/dsa-3553
http://www.openwall.com/lists/oss-security/2016/04/16/1
http://www.openwall.com/lists/oss-security/2016/04/18/7
https://github.com/varnish/Varnish-Cache/commit/29870c8fe95e4e8a672f6f28c5fbe692bea09e9c
https://github.com/varnish/Varnish-Cache/commit/85e8468bec9416bd7e16b0d80cb820ecd2b330c3
https://security.gentoo.org/glsa/201607-10
https://www.varnish-cache.org/lists/pipermail/varnish-announce/2015-March/000701.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2016-04-25T14:00:00

Updated: 2016-11-29T16:57:01

Reserved: 2016-04-18T00:00:00

Link: CVE-2015-8852

JSON object: View

NVD Information

Status : Modified

Published: 2016-04-25T14:59:01.250

Modified: 2022-08-02T16:29:08.037

Link: CVE-2015-8852

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-03-23T00:00:00", "descriptions": [{"lang": "en", "value": "Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \\r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-29T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "DSA-3553", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3553"}, {"name": "[varnish-announce] 20150323 Varnish 3.0.7 released.", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://www.varnish-cache.org/lists/pipermail/varnish-announce/2015-March/000701.html"}, {"name": "[oss-security] 20160418 Re: CVE request: Varnish 3 before 3.0.7 was vulnerable to HTTP Smuggling issues: Double Content Length and bad EOL", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/04/18/7"}, {"name": "GLSA-201607-10", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201607-10"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/varnish/Varnish-Cache/commit/29870c8fe95e4e8a672f6f28c5fbe692bea09e9c"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/varnish/Varnish-Cache/commit/85e8468bec9416bd7e16b0d80cb820ecd2b330c3"}, {"name": "[oss-security] 20160416 CVE request: Varnish 3 before 3.0.7 was vulnerable to HTTP Smuggling issues: Double Content Length and bad EOL", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/04/16/1"}, {"name": "openSUSE-SU-2016:1316", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00064.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8852", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \\r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-3553", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3553"}, {"name": "[varnish-announce] 20150323 Varnish 3.0.7 released.", "refsource": "MLIST", "url": "https://www.varnish-cache.org/lists/pipermail/varnish-announce/2015-March/000701.html"}, {"name": "[oss-security] 20160418 Re: CVE request: Varnish 3 before 3.0.7 was vulnerable to HTTP Smuggling issues: Double Content Length and bad EOL", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/04/18/7"}, {"name": "GLSA-201607-10", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201607-10"}, {"name": "https://github.com/varnish/Varnish-Cache/commit/29870c8fe95e4e8a672f6f28c5fbe692bea09e9c", "refsource": "CONFIRM", "url": "https://github.com/varnish/Varnish-Cache/commit/29870c8fe95e4e8a672f6f28c5fbe692bea09e9c"}, {"name": "https://github.com/varnish/Varnish-Cache/commit/85e8468bec9416bd7e16b0d80cb820ecd2b330c3", "refsource": "CONFIRM", "url": "https://github.com/varnish/Varnish-Cache/commit/85e8468bec9416bd7e16b0d80cb820ecd2b330c3"}, {"name": "[oss-security] 20160416 CVE request: Varnish 3 before 3.0.7 was vulnerable to HTTP Smuggling issues: Double Content Length and bad EOL", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/04/16/1"}, {"name": "openSUSE-SU-2016:1316", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00064.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8852", "datePublished": "2016-04-25T14:00:00", "dateReserved": "2016-04-18T00:00:00", "dateUpdated": "2016-11-29T16:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "49CC7329-F9C3-4CE4-8B10-BE9BAC24615D", "vulnerable": true}, {"criteria": "cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "99769363-66C9-4059-AC07-726BCF541312", "vulnerable": true}, {"criteria": "cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2E8FFA83-A7B0-480B-BA50-4EE2D17C8D86", "vulnerable": true}, {"criteria": "cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2585ABA8-DB5A-4AB0-9A4E-E9705D1F1A4F", "vulnerable": true}, {"criteria": "cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0850185C-FA95-44F2-B4AF-454D053A811B", "vulnerable": true}, {"criteria": "cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "D1B8877C-1231-46FD-8097-60D224380518", "vulnerable": true}, {"criteria": "cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "4283CC51-18D7-4D1B-9144-D418C5802327", "vulnerable": true}, {"criteria": "cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "3211DD31-9D09-41E6-B2E1-85A0EB8925AF", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \\r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP request."}, {"lang": "es", "value": "Varnish 3.x en versiones anteriores a 3.0.7, cuando se utiliza en ciertas instalaciones apiladas, permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y llevar a cabo ataques de separaci\u00f3n de respuesta HTTP a trav\u00e9s de una l\u00ednea de cabecera terminada por un car\u00e1cter \\r (retorno de carro) en conjunci\u00f3n con m\u00faltiples cabeceras Content-Length en una petici\u00f3n HTTP."}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/113.html\">CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')</a>", "id": "CVE-2015-8852", "lastModified": "2022-08-02T16:29:08.037", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-04-25T14:59:01.250", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00064.html"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2016/dsa-3553"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2016/04/16/1"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2016/04/18/7"}, {"source": "cve@mitre.org", "url": "https://github.com/varnish/Varnish-Cache/commit/29870c8fe95e4e8a672f6f28c5fbe692bea09e9c"}, {"source": "cve@mitre.org", "url": "https://github.com/varnish/Varnish-Cache/commit/85e8468bec9416bd7e16b0d80cb820ecd2b330c3"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201607-10"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.varnish-cache.org/lists/pipermail/varnish-announce/2015-March/000701.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}