CVSSv3: 9.1

CVE-2022-23959

Published: 26/01/2022 Updated: 07/11/2023
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9
VMScore: 570
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Summary

In Varnish Cache prior to 6.6.2 and 7.x prior to 7.0.2, Varnish Cache 6.0 LTS prior to 6.0.10, and Varnish Enterprise (Cache Plus) 4.1.x prior to 4.1.11r6 and 6.0.x prior to 6.0.9r4, request smuggling can occur for HTTP/1 connections.

Vulnerable Products

varnish-software varnish cache 4.1

varnish-software varnish cache

varnish cache project varnish cache

varnish-software varnish cache

varnish-software varnish cache plus

fedoraproject fedora 35

debian debian linux 9.0

debian debian linux 10.0

debian debian linux 11.0

Vendor Advisories

Debian Bug report logs - #1004433 CVE-2022-23959: VSV00008 Varnish HTTP/1 Request Smuggling Vulnerability. Package: varnish; Maintainer for varnish is Varnish Package Maintainers <team+varnish-team@tracker.debian.org>; Source for varnish is src:varnish (PTS, buildd, popcon). Reported by: Andreas Unterkircher <unki@netshadow ...
Several security issues were fixed in Varnish Cache ...
Brief introduction. CVE-2021-36740: Martin Blix Grydeland discovered that Varnish is vulnerable to request smuggling attacks if the HTTP/2 protocol is enabled. CVE-2022-23959: James Kettle discovered a request smuggling attack against the HTTP/1 protocol implementation in Varnish. For the oldstable distribution (buster), these probl ...
Synopsis: Important: varnish:6 security update. Type/Severity: Security Advisory: Important. Topic: An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat ...
Synopsis: Important: varnish:6 security update. Type/Severity: Security Advisory: Important. Topic: An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Se ...
Synopsis: Important: rh-varnish6-varnish security update. Type/Severity: Security Advisory: Important. Topic: An update for rh-varnish6-varnish is now available for Red Hat Software Collections. Red Hat Product Security has rate ...
Synopsis: Important: varnish:6 security update. Type/Severity: Security Advisory: Important. Topic: An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Se ...
Synopsis: Important: varnish:6 security update. Type/Severity: Security Advisory: Important. Topic: An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this upda ...
A flaw was found in Varnish. This flaw allows an attacker to carry out a request smuggling attack on HTTP/1 connections on Varnish cache servers. This smuggled request goes through the usual Varnish Configuration Language (VCL) processing since the Varnish server treats it as an additional request. (CVE-2022-23959) ...
In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections ...