First published: Wed Nov 09 2022
An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-by-hop, preventing the Varnish Cache servers from forwarding critical headers to the backend.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
debian/varnish | 6.1.1-1+deb10u3, 6.1.1-1+deb10u4, 6.5.1-1+deb11u3, 7.1.1-1.1 | |
Varnish Cache Project Varnish Cache | >=7.0.0 <7.1.2 | |
Varnish Cache Project Varnish Cache | =7.2.0 | |
Fedoraproject Fedora | =35 | |
Fedoraproject Fedora | =36 | |
Fedoraproject Fedora | =37 | |
CVE-2022-45059 refers to an issue discovered in Varnish Cache, which allows for a request smuggling attack by manipulating certain headers.
CVE-2022-45059 affects Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1, allowing for request smuggling attacks that prevent critical headers from being forwarded to the backend.
The severity of CVE-2022-45059 is high, with a severity value of 7.5.
Varnish Cache 7.x versions before 7.1.2 and 7.2.x versions before 7.2.1 are affected by CVE-2022-45059.
To mitigate CVE-2022-45059, upgrade Varnish Cache to version 7.1.2 or 7.2.1.