Описание
Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | |
| devel | not-affected | 6.5.2-1 |
| esm-apps/bionic | not-affected | |
| esm-apps/focal | released | 6.2.1-2ubuntu0.1 |
| esm-apps/jammy | not-affected | 6.5.2-1 |
| esm-apps/xenial | not-affected | |
| esm-infra-legacy/trusty | not-affected | |
| focal | released | 6.2.1-2ubuntu0.1 |
| groovy | ignored | end of life |
| hirsute | ignored | end of life |
Показывать по
Ссылки на источники
EPSS
6.4 Medium
CVSS2
6.5 Medium
CVSS3
Связанные уязвимости
Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8.
Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8.
Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL a ...
Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8.
EPSS
6.4 Medium
CVSS2
6.5 Medium
CVSS3