CVE-2021-36740 — HTTP Request Smuggling in Varnish Cache
Severity
6.5MEDIUMNVD
OSV7.5
EPSS
0.7%
top 27.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 14
Latest updateJun 8
Description
Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5
Affected Packages5 packages
Also affects: Debian Linux 10.0, 11.0, Fedora 33, 34
Patches
🔴Vulnerability Details
4GHSA▶
GHSA-8vxj-gx32-j925: Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request↗2022-05-24
OSV▶
CVE-2021-36740: Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request↗2021-07-14
CVEList▶
CVE-2021-36740: Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request↗2021-07-14