In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.
References
Link | Resource |
---|---|
https://docs.varnish-software.com/security/VSV00008/ | Mitigation Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2022/02/msg00014.html | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UMMDMQWNAE3BTSZUHXQHVAMZC5TLHLYT/ | |
https://varnish-cache.org/security/VSV00008.html | Mitigation Vendor Advisory |
https://www.debian.org/security/2022/dsa-5088 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-01-26T00:38:55
Updated: 2022-03-04T12:06:15
Reserved: 2022-01-26T00:00:00
Link: CVE-2022-23959
JSON object: View
NVD Information
Status : Modified
Published: 2022-01-26T01:15:07.900
Modified: 2023-11-07T03:44:21.293
Link: CVE-2022-23959
JSON object: View
Redhat Information
No data.
CWE