CVE-2021-36740
Published 2021-07-14
CVE-2021-36740: Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects…
Priority P3 · 36 · medium · 6.5 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
EPSS: 1.60% (72.7th percentile)
Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | varnish | < varnish 6.5.2-1 (bookworm) | varnish 6.5.2-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| varnish-cache | varnish | >= 0 < 6.5.1-1+deb11u2 | 6.5.1-1+deb11u2 |
| varnish-cache | varnish | >= 0 < 6.5.2-1 | 6.5.2-1 |
| varnish-cache | varnish | >= 0 < 6.5.2-1 | 6.5.2-1 |
| varnish-cache | varnish | >= 0 < 6.5.2-1 | 6.5.2-1 |
| varnish-cache | varnish | >= 0 < 5.2.1-1ubuntu0.1 | 5.2.1-1ubuntu0.1 |
| varnish-cache | varnish | >= 0 < 6.2.1-2ubuntu0.1 | 6.2.1-2ubuntu0.1 |
| varnish-cache | varnish | >= 0 < 6.6.1-1ubuntu0.2 | 6.6.1-1ubuntu0.2 |
| varnish-cache | varnish_cache | — | — |
| varnish-cache | varnish_cache | >= 6.0.0 < 6.0.8 | 6.0.8 |
| varnish-software | varnish_cache | 6.0.0 – 6.0.5 | — |
| varnish-software | varnish_cache | 6.0.0 – 6.0.7 | — |
| varnish_cache_project | varnish_cache | 5.0.0 – 5.2.1 | — |
| varnish_cache_project | varnish_cache | 6.1.0 – 6.6.0 | — |
CVSS provenance
nvd · v3.1 · 6.5 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
nvd · v2.0 · 6.4 MEDIUM · AV:N/AC:L/Au:N/C:P/I:P/A:N
osv · 7.5 HIGH
vendor_ubuntu · 7.5 HIGH
vendor_debian · 6.5 MEDIUM
vendor_redhat · 6.5 MEDIUM
Ubuntu
Varnish Cache vulnerabilities
vendor_ubuntu·2022-06-08·CVSS 7.5
CVE-2021-36740 [HIGH] Varnish Cache vulnerabilities
Title: Varnish Cache vulnerabilities
Summary: Several security issues were fixed in Varnish Cache.
It was discovered that Varnish Cache did not clear a pointer between the
handling of one client request and the next request within the same connection.
A remote attacker could possibly use this issue to obtain sensitive
information. (CVE-2019-20637)
It was discovered that Varnish Cache could have an assertion failure when a
TLS termination proxy uses PROXY version 2. A remote attacker could possibly
use this issue to restart the daemon and cause a performance loss.
(CVE-2020-11653)
It was discovered that Varnish Cache allowed request smuggling and VCL
authorization bypass via a large Content-Length header for a POST
request. A remote attacker could possibly use this issue to obtain sensit
Red Hat
varnish: HTTP/2 request smuggling attack via a large Content-Length header for a POST request
vendor_redhat·2021-07-13·CVSS 6.5
CVE-2021-36740 [MEDIUM] CWE-444 varnish: HTTP/2 request smuggling attack via a large Content-Length header for a POST request
Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8.
A flaw was found in Varnish. The Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. As a result, this flaw allows the information on the Varnish cache to be poisoned. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Mitigation: This issue can be mitigated by:
1)
Debian
CVE-2021-36740: varnish - Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorizati...
vendor_debian·2021·CVSS 6.5
CVE-2021-36740 [MEDIUM] CVE-2021-36740: varnish - Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorizati...
Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8.
Scope: local
bookworm: resolved (fixed in 6.5.2-1)
bullseye: resolved (fixed in 6.5.1-1+deb11u2)
forky: resolved (fixed in 6.5.2-1)
sid: resolved (fixed in 6.5.2-1)
trixie: resolved (fixed in 6.5.2-1)
OSV
varnish vulnerabilities
osv·2022-06-08·CVSS 7.5
CVE-2019-20637 [HIGH] varnish vulnerabilities
It was discovered that Varnish Cache did not clear a pointer between the
handling of one client request and the next request within the same connection.
A remote attacker could possibly use this issue to obtain sensitive
information. (CVE-2019-20637)
It was discovered that Varnish Cache could have an assertion failure when a
TLS termination proxy uses PROXY version 2. A remote attacker could possibly
use this issue to restart the daemon and cause a performance loss.
(CVE-2020-11653)
It was discovered that Varnish Cache allowed request smuggling and VCL
authorization bypass via a large Content-Length header for a POST
request. A remote attacker could possibly use this issue to obtain sensitive
information. (CVE-2021-36740)
It was discovered that Varnish Cache allo
GHSA
GHSA-8vxj-gx32-j925: Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request
ghsa_unreviewed·2022-05-24
CVE-2021-36740 [MEDIUM] CWE-444 GHSA-8vxj-gx32-j925: Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request
Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8.
OSV
CVE-2021-36740: Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request
osv·2021-07-14·CVSS 6.5
CVE-2021-36740 [MEDIUM] CVE-2021-36740: Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request
Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://docs.varnish-software.com/security/VSV00007/
https://github.com/varnishcache/varnish-cache/commit/82b0a629f60136e76112c6f2c6372cce77b683be
https://github.com/varnishcache/varnish-cache/commit/9be22198e258d0e7a5c41f4291792214a29405cf
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/THV2DQA2GS65HUCKK4KSD2XLN3AAQ2V5/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZHBNLDEOTGYRIEQZBWV7F6VPYS4O2AAK/
https://varnish-cache.org/security/VSV00007.html
https://www.debian.org/security/2022/dsa-5088
2021-07-14
Published