Vulnerability Name: CVE-2022-23959 (CCN-218219)
Assigned: 2022-01-25
Published: 2022-01-25
Updated: 2022-08-02
Summary: In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.
CVSS v3 Severity:
  9.1 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
  7.9 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)
  5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)
  7.9 High (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)
CVSS v2 Severity:
  6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)
Vulnerability Type: CWE-444
Vulnerability Consequences: Gain Access
References:
  Source: MITRE | Type: CNA | CVE-2022-23959
  Source: MISC | Type: Mitigation, Vendor Advisory | https://docs.varnish-software.com/security/VSV00008/
  Source: XF | Type: UNKNOWN | varnish-cve202223959-request-smuggling(218219)
  Source: MLIST | Type: Mailing List, Third Party Advisory | [debian-lts-announce] 20220214 [SECURITY] [DLA 2920-1] varnish security update
  Source: FEDORA | Type: Mailing List, Third Party Advisory | FEDORA-2022-2f14ec7663
  Source: CCN | Type: Varnish Security Advisory VSV00008 | Varnish HTTP/1 Request Smuggling Vulnerability
  Source: MISC | Type: Mitigation, Vendor Advisory | https://varnish-cache.org/security/VSV00008.html
  Source: DEBIAN | Type: Third Party Advisory | DSA-5088
  Source: CCN | Type: WhiteSource Vulnerability Database | CVE-2022-23959