BIT-varnish-2022-23959
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/varnish/BIT-varnish-2022-23959.json
- JSON Data
- https://api.osv.dev/v1/vulns/BIT-varnish-2022-23959
- Aliases
- Published
- 2024-03-06T11:08:25.199Z
- Modified
- 2024-03-06T11:25:28.861Z
- Summary
- [none]
- Details
-
In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.
- Database specific
{ "cpes": [ "cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*" ], "severity": "Critical" }- References
-
- https://docs.varnish-software.com/security/VSV00008/
- https://lists.debian.org/debian-lts-announce/2022/02/msg00014.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UMMDMQWNAE3BTSZUHXQHVAMZC5TLHLYT/
- https://varnish-cache.org/security/VSV00008.html
- https://www.debian.org/security/2022/dsa-5088
Affected packages
Bitnami / varnish
Package
- Name
- varnish
- Purl
- pkg:bitnami/varnish
Severity
- 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator