CVE-2022-23959
CRITICAL 9.1 | EPSS 0.34%
varnish - security update
Published: 2022/1/26 | Modified: 2026/4/28
Description
In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.
Affected packages (4)
- Alpine/varnish: from 0, < 6.5.2-r1
- Bitnami/varnish: >= 7.0.0, < 7.0.2
- Debian/varnish: from 0, < 6.5.1-1+deb11u2
- Debian/varnish: from 0, < 5.0.0-7+deb9u3
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
References (8)
- ADVISORY: https://security.alpinelinux.org/vuln/CVE-2022-23959
- ADVISORY: https://security-tracker.debian.org/tracker/CVE-2022-23959
- WEB: https://docs.varnish-software.com/security/VSV00008/
- WEB: https://lists.debian.org/debian-lts-announce/2022/02/msg00014.html
- WEB: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UMMDMQWNAE3BTSZUHXQHVAMZC5TLHLYT/
- WEB: https://nvd.nist.gov/vuln/detail/CVE-2022-23959
- WEB: https://varnish-cache.org/security/VSV00008.html
- WEB: https://www.debian.org/security/2022/dsa-5088