FYI:
* http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/89110
-> looks like https://www.varnish-cache.org/trac/ticket/927 at first sight
* http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/89115
-> another one with ridiculously high Content-Length
These ones are also reported for 3.0.3 and look like genuine issues to me:
* http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/89113
-> new report? (does not look like a new issue to me regarding GetHdr,
but in the context of Vary parsing)
* http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/89107
-> Vary parsing
IIUC to exploit any of these one would need access to a backend or at least some
way to make a backend produce certain response headers.
Nils