CVE-2022-45059

2022-11-0906:15:09

Debian Security Bug Tracker

security-tracker.debian.org

varnish cache

request smuggling

vulnerability

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

47.3%

JSON

An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-by-hop, preventing the Varnish Cache servers from forwarding critical headers to the backend.

OSVersionArchitecturePackageVersionFilename
Debian12allvarnish< 7.1.1-1.1varnish_7.1.1-1.1_all.deb
Debian11allvarnish< 6.5.1-1+deb11u3varnish_6.5.1-1+deb11u3_all.deb
Debian999allvarnish< 7.1.1-1.1varnish_7.1.1-1.1_all.deb
Debian13allvarnish< 7.1.1-1.1varnish_7.1.1-1.1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	varnish	< 7.1.1-1.1	varnish_7.1.1-1.1_all.deb
Debian	11	all	varnish	< 6.5.1-1+deb11u3	varnish_6.5.1-1+deb11u3_all.deb
Debian	999	all	varnish	< 7.1.1-1.1	varnish_7.1.1-1.1_all.deb
Debian	13	all	varnish	< 7.1.1-1.1	varnish_7.1.1-1.1_all.deb