Varnish DoS vulnerability
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
varnish (Ubuntu) | New | Undecided | Unassigned |
Bug Description
As described in https:/ varnish has a security issue for DoS which has been fixed.
A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert.
This causes the varnishd worker process to abort and restart, losing the cached contents in the process.
An attacker can therefore crash the varnishd worker process on demand and effectively keep it from serving content - a Denial-of-Service attack.
The bug has been fixed in Debian: https:/
My Ubuntu Version is:
Description: Ubuntu 16.04.2 LTS
Release: 16.04
Package Version:
varnish:
Installed: 4.1.1-1
Candidate: 4.1.1-1
Version table:
*** 4.1.1-1 500
500 http://
100 /var/lib/
information type: | Private Security → Public Security |