CVE-2021-36740

Published: 13 Jul 2021
Source: redhat
CVSS3: 8.1
EPSS: Low

Description

Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8.

A flaw was found in Varnish. The Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. As a result, this flaw allows the information on the Varnish cache to be poisoned. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Mitigation

This issue can be mitigated by:

  1. Disabling HTTP/2 request support by executing:
       sudo varnishadm param.set feature -http2
  2. Disabling backend connection reuse on the Varnish side by inserting the following rule into the Varnish configuration:
       sub vcl_backend_fetch {
           set bereq.http.Connection = "close";
       }

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 9 | varnish | Not affected | | |
| Red Hat Enterprise Linux 8 | varnish | Fixed | RHSA-2021:2988 | 02.08.2021 |
| Red Hat Enterprise Linux 8.1 Extended Update Support | varnish | Fixed | RHSA-2021:2988 | 02.08.2021 |
| Red Hat Enterprise Linux 8.2 Extended Update Support | varnish | Fixed | RHSA-2021:2988 | 02.08.2021 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-varnish6-varnish | Fixed | RHSA-2021:2993 | 03.08.2021 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-varnish6-varnish-modules | Fixed | RHSA-2021:2993 | 03.08.2021 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | rh-varnish6-varnish | Fixed | RHSA-2021:2993 | 03.08.2021 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | rh-varnish6-varnish-modules | Fixed | RHSA-2021:2993 | 03.08.2021 |

Additional information

Status: Important
Weakness: CWE-444
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1982409 (varnish: HTTP/2 request smuggling attack via a large Content-Length header for a POST request)

EPSS: 0.00708 (percentile: 72%, Low)

CVSS3: 8.1 High

Related vulnerabilities

CVSS3: 6.5
ubuntu
more than 4 years ago

Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8.

CVSS3: 6.5
nvd
more than 4 years ago

Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8.

CVSS3: 6.5
debian
more than 4 years ago

Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL a ...

rocky
more than 4 years ago

Important: varnish:6 security update

CVSS3: 6.5
github
more than 3 years ago

Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8.
