Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2022-23959

Source

Debian Bug report logs - #1004433
CVE-2022-23959: VSV00008 Varnish HTTP/1 Request Smuggling Vulnerability

Package: varnish; Maintainer for varnish is Varnish Package Maintainers <team+varnish-team@tracker.debian.org>; Source for varnish is src:varnish (PTS, buildd, popcon).

Reported by: Andreas Unterkircher <unki@netshadow.net>

Date: Thu, 27 Jan 2022 15:45:01 UTC

Severity: important

Tags: fixed-upstream, security, upstream

Found in versions varnish/6.1.1-1+deb10u1, varnish/6.5.1-1, varnish/6.6.1-1, varnish/6.1.1-1

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Varnish Package Maintainers <team+varnish-team@tracker.debian.org>:
Bug#1004433; Package varnish. (Thu, 27 Jan 2022 15:45:03 GMT) (full text, mbox, link).

Acknowledgement sent to Andreas Unterkircher <unki@netshadow.net>:
New Bug report received and forwarded. Copy sent to Varnish Package Maintainers <team+varnish-team@tracker.debian.org>. (Thu, 27 Jan 2022 15:45:03 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

Package: varnish
Severity: normal

Hello!

There is a new vendor-announcement regarding a request smuggling attack 
- this time affects HTTP/1 connections. It's apparently affecting all 
versions >= Stretch.

https://varnish-cache.org/security/VSV00008.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23959

Best Regards,
Andreas

Added tag(s) security, fixed-upstream, and upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 27 Jan 2022 22:21:06 GMT) (full text, mbox, link).

Severity set to 'important' from 'normal' Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 27 Jan 2022 22:21:06 GMT) (full text, mbox, link).

Marked as found in versions varnish/6.6.1-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 27 Jan 2022 22:21:07 GMT) (full text, mbox, link).

Marked as found in versions varnish/6.5.1-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 27 Jan 2022 22:21:07 GMT) (full text, mbox, link).

Marked as found in versions varnish/6.1.1-1+deb10u1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 27 Jan 2022 22:21:08 GMT) (full text, mbox, link).

Marked as found in versions varnish/6.1.1-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 27 Jan 2022 22:21:08 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Jan 28 16:18:11 2022; Machine Name: bembo

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-23959: VSV00008 Varnish HTTP/1 Request Smuggling Vulnerability

Debian Bug report logs - #1004433
CVE-2022-23959: VSV00008 Varnish HTTP/1 Request Smuggling Vulnerability

Vulmon Search

About

Products

Connect

CVE-2022-23959: VSV00008 Varnish HTTP/1 Request Smuggling Vulnerability

Debian Bug report logs - #1004433 CVE-2022-23959: VSV00008 Varnish HTTP/1 Request Smuggling Vulnerability

Vulmon Search

About

Products

Connect

Debian Bug report logs - #1004433
CVE-2022-23959: VSV00008 Varnish HTTP/1 Request Smuggling Vulnerability