AVG-502

Package varnish
Status Fixed
Severity Medium
Type information disclosure
Affected 5.1.3-1
Fixed 5.2.1-1
Current 5.2.1-3 [extra]
Ticket FS#56376
Created Sun Nov 19 13:31:17 2017
Issue Severity Remote Type Description
CVE-2017-8807 Medium Yes Information disclosure
vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive...
Date Advisory Package Description
26 Nov 2017 ASA-201711-29 varnish information disclosure
References
https://varnish-cache.org/security/VSV00002.html
https://github.com/varnishcache/varnish-cache/commit/176f8a075a963ffbfa56f1c460c15f6a1a6af5a7
https://github.com/varnishcache/varnish-cache/pull/2429