FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID: d9dbe6e8-84da-11e3-98bd-080027f2d077
Description: varnish -- DoS vulnerability in Varnish HTTP cache

Varnish Cache Project reports:

If Varnish receives a certain illegal request, and the subroutine 'vcl_error{}' restarts the request, the varnishd worker process will crash with an assert.

The varnishd management process will restart the worker process, but there will be a brief interruption of service and the cache will be emptied, causing more traffic to go to the backend.

We are releasing this advisory because restarting from vcl_error{} is both fairly common and documented.

This is purely a denial of service vulnerability; there is no risk of privilege escalation.

Workaround

Insert this at the top of your VCL file:

	sub vcl_error {
		if (obj.status == 400 || obj.status == 413) {
			return(deliver);
		}
	}

Or add this test at the top of your existing vcl_error{}.

Discovery: 2013-10-30
Entry: 2014-01-25
Affected package: varnish < 3.0.5

CVE-2013-4484
https://www.varnish-cache.org/lists/pipermail/varnish-announce/2013-October/000686.html