full disclosure reports
Nils Goroll
slink at schokola.de
Wed Mar 6 15:41:49 CET 2013
FYI:

* http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/89110
  -> looks like https://www.varnish-cache.org/trac/ticket/927 at first sight

* http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/89115
  -> another one with ridiculously high Content-Length

these ones are also reported for 3.0.3 and look like genuine issues to me:

* http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/89113
  -> new report? (does not look like a new issue to me regarding GetHdr,
     but in the context of Vary parsing)

* http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/89107
  -> Vary parsing

IIUC to exploit any of these one would need access to a backend or at least some
way to make a backend produce certain response headers.

Nils

More information about the varnish-dev mailing list