Published: 09/11/2022 Updated: 07/11/2023

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 0

An issue exists in Varnish Cache 7.x prior to 7.1.2 and 7.2.x prior to 7.2.1. A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-by-hop, preventing the Varnish Cache servers from forwarding critical headers to the backend.

Vulnerable Product	Search on Vulmon	Subscribe to Product
varnish cache project varnish cache 7.2.0
varnish cache project varnish cache
fedoraproject fedora 35
fedoraproject fedora 36
fedoraproject fedora 37

Debian Bug report logs - #1023750 varnish: CVE-2022-45059: VSV00010 Varnish Request Smuggling Vulnerability Package: src:varnish; Maintainer for src:varnish is Varnish Package Maintainers <team+varnish-team@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 9 Nov 2022 15:12:02 UTC ...

DescriptionThe MITRE CVE dictionary describes this issue as: An issue was discovered in Varnish Cache 7x before 712 and 72x before 721 A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-by-hop, preventing the Varnish Cache servers from forwarding critical headers to the backe ...

CVE-2022-45059-demo Varnish Cache releases 700, 701, 702, 703, 710, 711 and 720 have a request smuggling vulnerability where an attacker can request that the content-length header is made hop-by-hop This is a demo consisting of a Spring Boot web application running behind a vulnerable version of Varnish Cache A "victim" sends requests to the applicatio

Slides, etc from my 2024 Shmoocon talk on Network Layer Confusion

shmoocon2024-talk Slides, etc from my 2024 Shmoocon talk on Network Layer Confusion Slides Direct link YouTube video Google Slides version These don't have the notes (I tried to make them just enhance what I was saying), but hopefully the diagrams are helpful If you want to chat more on these, shoot me an email josh @ 40two org Demos Apologies that none of these have audi

CVE-2022-45059-demo Varnish Cache releases 700, 701, 702, 703, 710, 711 and 720 have a request smuggling vulnerability where an attacker can request that the content-length header is made hop-by-hop This is a demo consisting of a Spring Boot web application running behind a vulnerable version of Varnish Cache A "victim" sends requests to the applicatio

CWE-444 https://varnish-cache.org/security/VSV00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6ZMOZVBLZXHEV5VRW4I4SOWLQEK5OF5/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGF6LFTHXCSYMYUX5HLMVXQH3WHCSFLU/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4KVVCIQVINQQ2D7ORNARSYALMJUMP3I/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023750 https://nvd.nist.gov https://github.com/jdewald/shmoocon2024-talk https://access.redhat.com/security/cve/cve-2022-45059

CVE-2022-45059

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect