cvedb.io
CVE-2015-8852
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2016-04-25T14:59:01.250 · Last modified 2026-06-17T00:35:22.033

Summary

Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP request.

Affected products

varnish_cache_project — varnish_cache

Does this affect you?

Add your gear to cvedb and we'll alert you only when varnish_cache_project ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.