Regilero

**Name of the Vulnerable Software and Affected Versions** Varnish versions 3.x through 3.0.6 **Description** The issue allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP request. This occurs when Varnish is used in certain stacked installations. **Recommendations** For Varnish versions 3.x through 3.0.6, update to version 3.0.7 or later to resolve the issue.