For the record, I have added #1274 and #1275 in trac for the last two:

https://www.varnish-cache.org/trac/ticket/1274
https://www.varnish-cache.org/trac/ticket/1275

On Wed, Mar 6, 2013 at 3:41 PM, Nils Goroll <[email protected]> wrote:

> FYI:
>
> * http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/89110
>   -> looks like https://www.varnish-cache.org/trac/ticket/927 at
>   first sight
>
> * http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/89115
>   -> another one with ridiculously high Content-Length
>
> these ones are also reported for 3.0.3 and look like genuine issues to me:
>
> * http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/89113
>   -> new report? (does not look like a new issue to me regarding GetHdr,
>   but in the context of Vary parsing)
>
> * http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/89107
>   -> Vary parsing
>
> IIUC to exploit any of these one would need access to a backend or at
> least some way to make a backend produce certain response headers.
>
> Nils
>
> _______________________________________________
> varnish-dev mailing list
> [email protected]
> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-dev

--
<http://www.varnish-software.com>
*Dag Haavi Finstad*
Developer | Varnish Software AS
Phone: +47 21 98 92 60
We Make Websites Fly!
