Description
Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP request.
Remediation
References
Related Vulnerabilities
Apache HTTP Server Resource Management Errors Vulnerability (CVE-2014-3523)
MySQL CVE-2012-3149 Vulnerability (CVE-2012-3149)
Oracle JRE CVE-2014-0455 Vulnerability (CVE-2014-0455)
OpenSSL Resource Management Errors Vulnerability (CVE-2006-2937)
WordPress Plugin User Login History Multiple Cross-Site Scripting Vulnerabilities (1.5.2)