Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-45060

Опубликовано: 09 нояб. 2022
Источник: nvd
CVSS3: 7.5
EPSS Низкий

Описание

An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:lts:*:*:*
Версия от 6.0.0 (включая) до 6.0.11 (исключая)
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.0:-:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.0:r0:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.0:r1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.0:r2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.1:r1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.1:r2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.1:r3:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.1:r4:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.1:r5:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.2:r1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r3:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r4:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r5:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r6:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r7:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r8:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r9:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.4:r1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.4:r2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.4:r3:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.5:r1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.5:r2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.5:r3:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r10:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r3:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r4:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r5:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r6:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r7:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r8:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r9:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.7:r1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.7:r2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.7:r3:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.8:r1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.8:r2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.8:r3:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.8:r4:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.8:r5:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.8:r6:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.8:r7:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.9:r1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.9:r2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.9:r3:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.9:r4:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.9:r5:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.9:r6:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.9:r7:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.10:r1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.10:r2:*:*:*:*:*:*
cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*
Версия от 5.0.0 (включая) до 6.0.11 (исключая)
cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*
Версия от 7.0.0 (включая) до 7.1.2 (исключая)
cpe:2.3:a:varnish_cache_project:varnish_cache:7.2.0:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

EPSS

Процентиль: 55%
0.00329
Низкий

7.5 High

CVSS3

Дефекты

NVD-CWE-noinfo
CWE-20

Связанные уязвимости

ubuntu логотип

CVE-2022-45060

CVSS3: 7.5
ubuntu
больше 2 лет назад

An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected.

redhat логотип

CVE-2022-45060

CVSS3: 7.5
redhat
больше 2 лет назад

An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected.

debian логотип

CVE-2022-45060

CVSS3: 7.5
debian
больше 2 лет назад

An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and ...

rocky логотип

RLSA-2022:8649

rocky
больше 2 лет назад

Important: varnish:6 security update

rocky логотип

RLSA-2022:8643

rocky
больше 2 лет назад

Important: varnish security update

EPSS

Процентиль: 55%
0.00329
Низкий

7.5 High

CVSS3

Дефекты

NVD-CWE-noinfo
CWE-20