Debian Bug report logs -
#1023751
varnish: CVE-2022-45060: VSV00011 Varnish HTTP/2 Request Forgery Vulnerability
Package:
src:varnish;
Maintainer for src:varnish is Varnish Package Maintainers <team+varnish-team@tracker.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 9 Nov 2022 15:12:04 ...
Martin van Kervel Smedshammer discovered that varnish, a state of the
art, high-performance web accelerator, is prone to a HTTP/2 request
forgery vulnerability.
See varnish-cache.org/security/VSV00011.html for details.
For the stable distribution (bullseye), this problem has been fixed in
version 6.5.1-1+deb11u3.
We recommend that you upgra ...
Synopsis
Important: varnish:6 security update
Type/Severity
Security Advisory: Important
Topic
An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Se ...
Synopsis
Important: varnish security update
Type/Severity
Security Advisory: Important
Topic
An update for varnish is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rate ...
Synopsis
Important: varnish:6 security update
Type/Severity
Security Advisory: Important
Topic
An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this upda ...
Synopsis
Important: rh-varnish6-varnish security update
Type/Severity
Security Advisory: Important
Topic
An update for rh-varnish6-varnish is now available for Red Hat Software Collections. Red Hat Product Security has rate ...
Synopsis
Important: varnish:6 security update
Type/Severity
Security Advisory: Important
Topic
An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Se ...
Synopsis
Important: varnish:6 security update
Type/Severity
Security Advisory: Important
Topic
An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterpris ...
Synopsis
Important: varnish:6 security update
Type/Severity
Security Advisory: Important
Topic
An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat ...
Synopsis
Important: varnish security update
Type/Severity
Security Advisory: Important
Topic
An update for varnish is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a ...
Description
An HTTP Request Forgery issue was discovered in Varnish Cache. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could be used to exploit vulnerabilities in a server behind ...