CVE-2022-23959

In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:varnish-software:varnich_cache:*:*:*:*:-:*:*:*
cpe:2.3:a:varnish-software:varnich_cache:*:*:*:*:plus:*:*:*
cpe:2.3:a:varnish-software:varnich_cache:4.1:*:*:*:lts:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:lts:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:*:*:*:*:*:*:*:*
cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

History

21 Nov 2024, 06:49

Type Values Removed Values Added
References () https://docs.varnish-software.com/security/VSV00008/ - Mitigation, Vendor Advisory () https://docs.varnish-software.com/security/VSV00008/ - Mitigation, Vendor Advisory
References () https://lists.debian.org/debian-lts-announce/2022/02/msg00014.html - Mailing List, Third Party Advisory () https://lists.debian.org/debian-lts-announce/2022/02/msg00014.html - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UMMDMQWNAE3BTSZUHXQHVAMZC5TLHLYT/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UMMDMQWNAE3BTSZUHXQHVAMZC5TLHLYT/ -
References () https://varnish-cache.org/security/VSV00008.html - Mitigation, Vendor Advisory () https://varnish-cache.org/security/VSV00008.html - Mitigation, Vendor Advisory
References () https://www.debian.org/security/2022/dsa-5088 - Third Party Advisory () https://www.debian.org/security/2022/dsa-5088 - Third Party Advisory

02 Aug 2022, 19:35

Type Values Removed Values Added
CPE cpe:2.3:a:varnish-software:varnich_cache:*:*:*:*:lts:*:*:* cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:lts:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:*:*:*:*:*:*:*:*
cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*

17 Mar 2022, 16:23

Type Values Removed Values Added
CPE cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
References (MLIST) https://lists.debian.org/debian-lts-announce/2022/02/msg00014.html - (MLIST) https://lists.debian.org/debian-lts-announce/2022/02/msg00014.html - Mailing List, Third Party Advisory
References (DEBIAN) https://www.debian.org/security/2022/dsa-5088 - (DEBIAN) https://www.debian.org/security/2022/dsa-5088 - Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMMDMQWNAE3BTSZUHXQHVAMZC5TLHLYT/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMMDMQWNAE3BTSZUHXQHVAMZC5TLHLYT/ - Mailing List, Third Party Advisory

04 Mar 2022, 13:15

Type Values Removed Values Added
References
  • (DEBIAN) https://www.debian.org/security/2022/dsa-5088 -

16 Feb 2022, 04:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMMDMQWNAE3BTSZUHXQHVAMZC5TLHLYT/ -

14 Feb 2022, 12:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2022/02/msg00014.html -

07 Feb 2022, 18:16

Type Values Removed Values Added
CWE CWE-444
CVSS v2 : unknown
v3 : unknown
v2 : 6.4
v3 : 9.1
CPE cpe:2.3:a:varnish-software:varnich_cache:*:*:*:*:lts:*:*:*
cpe:2.3:a:varnish-software:varnich_cache:*:*:*:*:plus:*:*:*
cpe:2.3:a:varnish-software:varnich_cache:4.1:*:*:*:lts:*:*:*
cpe:2.3:a:varnish-software:varnich_cache:*:*:*:*:-:*:*:*
References (MISC) https://docs.varnish-software.com/security/VSV00008/ - (MISC) https://docs.varnish-software.com/security/VSV00008/ - Mitigation, Vendor Advisory
References (MISC) https://varnish-cache.org/security/VSV00008.html - (MISC) https://varnish-cache.org/security/VSV00008.html - Mitigation, Vendor Advisory

26 Jan 2022, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-01-26 01:15

Updated : 2024-11-21 06:49


NVD link : CVE-2022-23959

Mitre link : CVE-2022-23959

CVE.ORG link : CVE-2022-23959


JSON object : View

Products Affected

fedoraproject

  • fedora

debian

  • debian_linux

varnish-software

  • varnish_cache
  • varnich_cache
  • varnish_cache_plus

varnish_cache_project

  • varnish_cache
CWE
CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')