Описание
In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reason phrase of the backend response status line. This is fixed in 7.0.3 and 7.1.1.
A flaw was found in Varnish where a denial of service attack can be performed against Varnish Cache servers by specially formatting the reason phrase of the backend response status line. To execute an attack, the attacker needs the ability to influence the HTTP/1 responses that the Varnish Server receives from its configured backends, causing the Varnish Server to assert and automatically restart.
Меры по смягчению последствий
As mentioned in the upstream security advisory, If upgrading Varnish is not possible, it is possible to mitigate the problem by adding the following snippet at the beginning of the vcl_backend_response VCL function:
By setting the status code to itself as described above, the reason field will automatically be reset to the standard value for the given status code, or “Unknown HTTP Status” if no standard value exists for that code. This would overwrite any existing attack content in the reason field.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 8 | varnish:6/varnish | Not affected | ||
| Red Hat Enterprise Linux 8 | varnish:6/varnish-modules | Not affected | ||
| Red Hat Enterprise Linux 8 | varnish-modules | Not affected | ||
| Red Hat Enterprise Linux 9 | varnish | Not affected | ||
| Red Hat Enterprise Linux 9 | varnish-modules | Not affected | ||
| Red Hat Software Collections | rh-varnish6-jemalloc | Not affected | ||
| Red Hat Software Collections | rh-varnish6-varnish | Not affected | ||
| Red Hat Software Collections | rh-varnish6-varnish-modules | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reason phrase of the backend response status line. This is fixed in 7.0.3 and 7.1.1.
In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reason phrase of the backend response status line. This is fixed in 7.0.3 and 7.1.1.
In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cau ...
In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reason phrase of the backend response status line. This is fixed in 7.0.3 and 7.1.1.
EPSS
7.5 High
CVSS3