CVE-2022-23959
published 2022-01-26
CVE-2022-23959: In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and…
Priority: P348 · critical · 9.1 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:N
EPSS: 1.96% (77.8th percentile)
In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | varnish | < varnish 7.1.0-5 (bookworm) | varnish 7.1.0-5 (bookworm) |
| fedoraproject | fedora | — | — |
| varnish-cache | varnish | >= 0 < 6.5.1-1+deb11u2 | 6.5.1-1+deb11u2 |
| varnish-cache | varnish | >= 0 < 7.1.0-5 | 7.1.0-5 |
| varnish-cache | varnish | >= 0 < 7.1.0-5 | 7.1.0-5 |
| varnish-cache | varnish | >= 0 < 7.1.0-5 | 7.1.0-5 |
| varnish-cache | varnish | >= 0 < 5.2.1-1ubuntu0.1 | 5.2.1-1ubuntu0.1 |
| varnish-cache | varnish | >= 0 < 6.2.1-2ubuntu0.1 | 6.2.1-2ubuntu0.1 |
| varnish-cache | varnish | >= 0 < 6.6.1-1ubuntu0.2 | 6.6.1-1ubuntu0.2 |
| varnish-software | varnich_cache | — | — |
| varnish-software | varnich_cache | >= 1.0.0 < 6.6.2 | 6.6.2 |
| varnish-software | varnich_cache | >= 4.1.1 < 4.1.11r6 | 4.1.11r6 |
| varnish-software | varnish_cache | >= 6.0.0 < 6.0.10 | 6.0.10 |
| varnish-software | varnish_cache_plus | >= 6.0.0 < 6.0.9r4 | 6.0.9r4 |
| varnish_cache_project | varnish_cache | >= 7.0.0 < 7.0.2 | 7.0.2 |
CVSS provenance
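| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
| nvd | v2.0 | 6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N |
| osv | — | 9.1 | CRITICAL | — |
| vendor_debian | — | 9.1 | CRITICAL | — |
| vendor_redhat | — | 9.1 | CRITICAL | — |
| vendor_ubuntu | — | 7.5 | HIGH | — |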
OSV
varnish vulnerabilities
osv·2022-06-08·CVSS 7.5
CVE-2019-20637 [HIGH] varnish vulnerabilities
It was discovered that Varnish Cache did not clear a pointer between the
handling of one client request and the next request within the same connection.
A remote attacker could possibly use this issue to obtain sensitive
information. (CVE-2019-20637)
It was discovered that Varnish Cache could have an assertion failure when a
TLS termination proxy uses PROXY version 2. A remote attacker could possibly
use this issue to restart the daemon and cause a performance loss.
(CVE-2020-11653)
It was discovered that Varnish Cache allowed request smuggling and VCL
authorization bypass via a large Content-Length header for a POST
request. A remote attacker could possibly use this issue to obtain sensitive
information. (CVE-2021-36740)
It was discovered that Varnish Cache allo
GHSA
GHSA-fcqv-r8cv-f88h: In Varnish Cache before 6
ghsa_unreviewed·2022-02-08
CVE-2022-23959 [CRITICAL] CWE-444 GHSA-fcqv-r8cv-f88h: In Varnish Cache before 6
In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.
OSV
CVE-2022-23959: In Varnish Cache before 6
osv·2022-01-26·CVSS 9.1
CVE-2022-23959 [CRITICAL] CVE-2022-23959: In Varnish Cache before 6
In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.
Ubuntu
Varnish Cache vulnerabilities
vendor_ubuntu·2022-06-08·CVSS 7.5
CVE-2021-36740 [HIGH] Varnish Cache vulnerabilities
Title: Varnish Cache vulnerabilities
Summary: Several security issues were fixed in Varnish Cache.
It was discovered that Varnish Cache did not clear a pointer between the
handling of one client request and the next request within the same connection.
A remote attacker could possibly use this issue to obtain sensitive
information. (CVE-2019-20637)
It was discovered that Varnish Cache could have an assertion failure when a
TLS termination proxy uses PROXY version 2. A remote attacker could possibly
use this issue to restart the daemon and cause a performance loss.
(CVE-2020-11653)
It was discovered that Varnish Cache allowed request smuggling and VCL
authorization bypass via a large Content-Length header for a POST
request. A remote attacker could possibly use this issue to obtain sensit
Red Hat
varnish: HTTP/1 request smuggling vulnerability
vendor_redhat·2022-01-25·CVSS 9.1
CVE-2022-23959 [CRITICAL] CWE-444 varnish: HTTP/1 request smuggling vulnerability
In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.
A flaw was found in Varnish. This flaw allows an attacker to carry out a request smuggling attack on HTTP/1 connections on Varnish cache servers. This smuggled request goes through the usual Varnish Configuration Language (VCL) processing since the Varnish server treats it as an additional request.
Mitigation: This issue can be mitigated by ensuring that the Varnish server does not allow connection reuse on HTTP/1 client connections once a request body has been seen on the connection. This requires changes in the V
Debian
CVE-2022-23959: varnish - In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before...
vendor_debian·2022·CVSS 9.1
CVE-2022-23959 [CRITICAL] CVE-2022-23959: varnish - In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before...
In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.
Scope: local
bookworm: resolved (fixed in 7.1.0-5)
bullseye: resolved (fixed in 6.5.1-1+deb11u2)
forky: resolved (fixed in 7.1.0-5)
sid: resolved (fixed in 7.1.0-5)
trixie: resolved (fixed in 7.1.0-5)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://docs.varnish-software.com/security/VSV00008/
https://lists.debian.org/debian-lts-announce/2022/02/msg00014.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UMMDMQWNAE3BTSZUHXQHVAMZC5TLHLYT/
https://varnish-cache.org/security/VSV00008.html
https://www.debian.org/security/2022/dsa-5088
Published: 2022-01-26