CVE-2013-4484

Varnish before 3.0.5 allows remote attackers to cause a denial of service (child-process crash and temporary caching outage) via a GET request with trailing whitespace characters and no URI.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
VendorProductVersion
varnish-cachevarnish
2.0.0
varnish_cache_projectvarnish_cache
𝑥
≤ 3.0.4
varnish_cache_projectvarnish_cache
2.0.1
varnish_cache_projectvarnish_cache
2.0.2
varnish_cache_projectvarnish_cache
2.0.3
varnish_cache_projectvarnish_cache
2.0.4
varnish_cache_projectvarnish_cache
2.0.5
varnish_cache_projectvarnish_cache
2.0.6
varnish_cache_projectvarnish_cache
2.1.0
varnish_cache_projectvarnish_cache
2.1.1
varnish_cache_projectvarnish_cache
2.1.2
varnish_cache_projectvarnish_cache
2.1.3
varnish_cache_projectvarnish_cache
2.1.4
varnish_cache_projectvarnish_cache
2.1.5
varnish_cache_projectvarnish_cache
3.0.0
varnish_cache_projectvarnish_cache
3.0.0:beta1
varnish_cache_projectvarnish_cache
3.0.0:beta2
varnish_cache_projectvarnish_cache
3.0.1
varnish_cache_projectvarnish_cache
3.0.2
varnish_cache_projectvarnish_cache
3.0.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
varnish
bullseye (security)
6.5.1-1+deb11u3
fixed
bullseye
6.5.1-1+deb11u3
fixed
bookworm
7.1.1-1.1
fixed
sid
7.6.0-2
fixed
trixie
7.6.0-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
varnish
zesty
not-affected
yakkety
not-affected
xenial
not-affected
wily
not-affected
vivid
not-affected
utopic
not-affected
trusty
not-affected
saucy
ignored
raring
ignored
quantal
ignored
precise
ignored
lucid
ignored
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/bugtraq/2013-10/0158.html
http://lists.opensuse.org/opensuse-updates/2013-11/msg00029.html
http://lists.opensuse.org/opensuse-updates/2013-11/msg00033.html
http://secunia.com/advisories/55452
http://secunia.com/advisories/55746
http://www.debian.org/security/2012/dsa-2814
http://www.openwall.com/lists/oss-security/2013/10/30/5
https://www.varnish-cache.org/trac/ticket/1367
http://archives.neohapsis.com/archives/bugtraq/2013-10/0158.html
http://lists.opensuse.org/opensuse-updates/2013-11/msg00029.html
http://lists.opensuse.org/opensuse-updates/2013-11/msg00033.html
http://secunia.com/advisories/55452
http://secunia.com/advisories/55746
http://www.debian.org/security/2012/dsa-2814
http://www.openwall.com/lists/oss-security/2013/10/30/5
https://www.varnish-cache.org/trac/ticket/1367