CVE-2022-45060

Опубликовано: 09 нояб. 2022

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS3: 7.5

Описание

An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected.

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needs-triage
devel	not-affected
esm-apps/bionic	released	5.2.1-1ubuntu0.1+esm1
esm-apps/focal	released	6.2.1-2ubuntu0.2+esm1
esm-apps/jammy	released	6.6.1-1ubuntu0.2+esm1
esm-apps/noble	not-affected	7.1.1-1.1
esm-apps/xenial	not-affected	code not present
esm-infra-legacy/trusty	not-affected	code not present
focal	ignored	end of standard support, was needed
jammy	needed

Показывать по

Ссылки на источники

EPSS

Процентиль: 55%

0.00329

Низкий

7.5 High

CVSS3

Связанные уязвимости

CVE-2022-45060

CVSS3: 7.5

redhat

больше 2 лет назад

CVE-2022-45060

CVSS3: 7.5

nvd

больше 2 лет назад

CVE-2022-45060

CVSS3: 7.5

debian

больше 2 лет назад

An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and ...

RLSA-2022:8649

rocky

больше 2 лет назад

Important: varnish:6 security update

RLSA-2022:8643

rocky

больше 2 лет назад

Important: varnish security update

EPSS

Процентиль: 55%

0.00329

Низкий

7.5 High

CVSS3

CVE-2022-45060

Описание

Пакет varnish

Ссылки на источники

Связанные уязвимости