CVE-2013-4484

Published: Nov 1, 2013Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Varnish before 3.0.5 allows remote attackers to cause a denial of service (child-process crash and temporary caching outage) via a GET request with trailing whitespace characters and no URI.

Affected (20)

Products: Varnish Cache: Varnish · Varnish Cache Project: Varnish Cache

1 product

Varnish Cache Project

1 product

Configuration A

20 vulnerable

Vulnerable Software	Affected Versions
Varnish Cache Varnish	Version 2.0.0
Varnish Cache Project Varnish Cache	Up to 3.0.4
Varnish Cache Project Varnish Cache	Version 2.0.1
Varnish Cache Project Varnish Cache	Version 2.0.2
Varnish Cache Project Varnish Cache	Version 2.0.3
Varnish Cache Project Varnish Cache	Version 2.0.4
Varnish Cache Project Varnish Cache	Version 2.0.5
Varnish Cache Project Varnish Cache	Version 2.0.6
Varnish Cache Project Varnish Cache	Version 2.1.0
Varnish Cache Project Varnish Cache	Version 2.1.1
Varnish Cache Project Varnish Cache	Version 2.1.2
Varnish Cache Project Varnish Cache	Version 2.1.3
Varnish Cache Project Varnish Cache	Version 2.1.4
Varnish Cache Project Varnish Cache	Version 2.1.5
Varnish Cache Project Varnish Cache	Version 3.0.0
Varnish Cache Project Varnish Cache	Version 3.0.0 beta1
Varnish Cache Project Varnish Cache	Version 3.0.0 beta2
Varnish Cache Project Varnish Cache	Version 3.0.1
Varnish Cache Project Varnish Cache	Version 3.0.2
Varnish Cache Project Varnish Cache	Version 3.0.3

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (16)

http://archives.neohapsis.com/archives/bugtraq/2013-10/0158.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-updates/2013-11/msg00029.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-updates/2013-11/msg00033.html

Source: secalert@redhat.com

http://secunia.com/advisories/55452

Source: secalert@redhat.com

http://secunia.com/advisories/55746

Source: secalert@redhat.com

http://www.debian.org/security/2012/dsa-2814

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2013/10/30/5

Source: secalert@redhat.com

https://www.varnish-cache.org/trac/ticket/1367

Source: secalert@redhat.com

ExploitPatch

http://archives.neohapsis.com/archives/bugtraq/2013-10/0158.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2013-11/msg00029.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2013-11/msg00033.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/55452

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/55746

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2012/dsa-2814

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2013/10/30/5

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.varnish-cache.org/trac/ticket/1367

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

Timeline

No history available yet.