Количество 12
Количество 12
BDU:2024-03247
Уязвимость кэш-сервера Varnish, связанная с подделкой запросов на стороне сервера, позволяющая нарушителю оказать воздействие на целостность защищаемой информации
CVE-2022-45060
An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected.
CVE-2022-45060
An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected.
CVE-2022-45060
An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected.
CVE-2022-45060
An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and ...
RLSA-2022:8649
Important: varnish:6 security update
RLSA-2022:8643
Important: varnish security update
GHSA-78x9-jhxm-553x
An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected.
ELSA-2022-8649
ELSA-2022-8649: varnish:6 security update (IMPORTANT)
ELSA-2022-8643
ELSA-2022-8643: varnish security update (IMPORTANT)
openSUSE-SU-2022:10198-1
Security update for varnish
ROS-20240423-01
Множественные уязвимости varnish
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | BDU:2024-03247 Уязвимость кэш-сервера Varnish, связанная с подделкой запросов на стороне сервера, позволяющая нарушителю оказать воздействие на целостность защищаемой информации | CVSS3: 7.5 | 0% Низкий | больше 2 лет назад |
 | CVE-2022-45060 An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected. | CVSS3: 7.5 | 0% Низкий | больше 2 лет назад |
 | CVE-2022-45060 An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected. | CVSS3: 7.5 | 0% Низкий | больше 2 лет назад |
 | CVE-2022-45060 An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected. | CVSS3: 7.5 | 0% Низкий | больше 2 лет назад |
| CVE-2022-45060 An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and ... | CVSS3: 7.5 | 0% Низкий | больше 2 лет назад |
 | RLSA-2022:8649 Important: varnish:6 security update | 0% Низкий | больше 2 лет назад | |
| RLSA-2022:8643 Important: varnish security update | 0% Низкий | больше 2 лет назад | |
| GHSA-78x9-jhxm-553x An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected. | CVSS3: 7.5 | 0% Низкий | больше 2 лет назад |
| ELSA-2022-8649 ELSA-2022-8649: varnish:6 security update (IMPORTANT) | больше 2 лет назад | ||
| ELSA-2022-8643 ELSA-2022-8643: varnish security update (IMPORTANT) | больше 2 лет назад | ||
 | openSUSE-SU-2022:10198-1 Security update for varnish | больше 2 лет назад | ||
 | ROS-20240423-01 Множественные уязвимости varnish | CVSS3: 7.5 | около 1 года назад |
Уязвимостей на страницу