FreeBSD : varnish -- Varnish HTTP Request Parsing Denial of Service (bcee3989-d106-4f60-948f-835375634710)

This script is Copyright (C) 2009-2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

SecurityFocus reports :

Varnish is prone to a remote denial-of-service vulnerability because
the application fails to handle certain HTTP requests.

Successfully exploiting this issue allows remote attackers to crash
the affected application denying further service to legitimate users.

See also :

http://varnish.projects.linpro.no/wiki/WikiStart
http://www.nessus.org/u?93cf0e7c

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 35696 (freebsd_pkg_bcee3989d1064f60948f835375634710.nasl)

Bugtraq ID: 33712

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now