CVE Vulnerabilities

CVE-2022-45060

Published: Nov 09, 2022 | Modified: Nov 21, 2024
CVSS 3.x: 7.5 HIGH | Source: NVD | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x
RedHat/V2
RedHat/V3: 7.5 IMPORTANT | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Ubuntu: MEDIUM

An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected.

Affected Software

Name | Vendor | Start Version | End Version
Varnish_cache | Varnish-software | 6.0.0 (including) | 6.0.11 (excluding)
Varnish_cache_plus | Varnish-software | 6.0.0 (including) | 6.0.0 (including)
Varnish_cache_plus | Varnish-software | 6.0.0-r0 (including) | 6.0.0-r0 (including)
Varnish_cache_plus | Varnish-software | 6.0.0-r1 (including) | 6.0.0-r1 (including)
Varnish_cache_plus | Varnish-software | 6.0.0-r2 (including) | 6.0.0-r2 (including)
Varnish_cache_plus | Varnish-software | 6.0.1-r1 (including) | 6.0.1-r1 (including)
Varnish_cache_plus | Varnish-software | 6.0.1-r2 (including) | 6.0.1-r2 (including)
Varnish_cache_plus | Varnish-software | 6.0.1-r3 (including) | 6.0.1-r3 (including)
Varnish_cache_plus | Varnish-software | 6.0.1-r4 (including) | 6.0.1-r4 (including)
Varnish_cache_plus | Varnish-software | 6.0.1-r5 (including) | 6.0.1-r5 (including)
Varnish_cache_plus | Varnish-software | 6.0.2-r1 (including) | 6.0.2-r1 (including)
Varnish_cache_plus | Varnish-software | 6.0.3-r1 (including) | 6.0.3-r1 (including)
Varnish_cache_plus | Varnish-software | 6.0.3-r2 (including) | 6.0.3-r2 (including)
Varnish_cache_plus | Varnish-software | 6.0.3-r3 (including) | 6.0.3-r3 (including)
Varnish_cache_plus | Varnish-software | 6.0.3-r4 (including) | 6.0.3-r4 (including)
Varnish_cache_plus | Varnish-software | 6.0.3-r5 (including) | 6.0.3-r5 (including)
Varnish_cache_plus | Varnish-software | 6.0.3-r6 (including) | 6.0.3-r6 (including)
Varnish_cache_plus | Varnish-software | 6.0.3-r7 (including) | 6.0.3-r7 (including)
Varnish_cache_plus | Varnish-software | 6.0.3-r8 (including) | 6.0.3-r8 (including)
Varnish_cache_plus | Varnish-software | 6.0.3-r9 (including) | 6.0.3-r9 (including)
Varnish_cache_plus | Varnish-software | 6.0.4-r1 (including) | 6.0.4-r1 (including)
Varnish_cache_plus | Varnish-software | 6.0.4-r2 (including) | 6.0.4-r2 (including)
Varnish_cache_plus | Varnish-software | 6.0.4-r3 (including) | 6.0.4-r3 (including)
Varnish_cache_plus | Varnish-software | 6.0.5-r1 (including) | 6.0.5-r1 (including)
Varnish_cache_plus | Varnish-software | 6.0.5-r2 (including) | 6.0.5-r2 (including)
Varnish_cache_plus | Varnish-software | 6.0.5-r3 (including) | 6.0.5-r3 (including)
Varnish_cache_plus | Varnish-software | 6.0.6-r1 (including) | 6.0.6-r1 (including)
Varnish_cache_plus | Varnish-software | 6.0.6-r10 (including) | 6.0.6-r10 (including)
Varnish_cache_plus | Varnish-software | 6.0.6-r2 (including) | 6.0.6-r2 (including)
Varnish_cache_plus | Varnish-software | 6.0.6-r3 (including) | 6.0.6-r3 (including)
Varnish_cache_plus | Varnish-software | 6.0.6-r4 (including) | 6.0.6-r4 (including)
Varnish_cache_plus | Varnish-software | 6.0.6-r5 (including) | 6.0.6-r5 (including)
Varnish_cache_plus | Varnish-software | 6.0.6-r6 (including) | 6.0.6-r6 (including)
Varnish_cache_plus | Varnish-software | 6.0.6-r7 (including) | 6.0.6-r7 (including)
Varnish_cache_plus | Varnish-software | 6.0.6-r8 (including) | 6.0.6-r8 (including)
Varnish_cache_plus | Varnish-software | 6.0.6-r9 (including) | 6.0.6-r9 (including)
Varnish_cache_plus | Varnish-software | 6.0.7-r1 (including) | 6.0.7-r1 (including)
Varnish_cache_plus | Varnish-software | 6.0.7-r2 (including) | 6.0.7-r2 (including)
Varnish_cache_plus | Varnish-software | 6.0.7-r3 (including) | 6.0.7-r3 (including)
Varnish_cache_plus | Varnish-software | 6.0.8-r1 (including) | 6.0.8-r1 (including)
Varnish_cache_plus | Varnish-software | 6.0.8-r2 (including) | 6.0.8-r2 (including)
Varnish_cache_plus | Varnish-software | 6.0.8-r3 (including) | 6.0.8-r3 (including)
Varnish_cache_plus | Varnish-software | 6.0.8-r4 (including) | 6.0.8-r4 (including)
Varnish_cache_plus | Varnish-software | 6.0.8-r5 (including) | 6.0.8-r5 (including)
Varnish_cache_plus | Varnish-software | 6.0.8-r6 (including) | 6.0.8-r6 (including)
Varnish_cache_plus | Varnish-software | 6.0.8-r7 (including) | 6.0.8-r7 (including)
Varnish_cache_plus | Varnish-software | 6.0.9-r1 (including) | 6.0.9-r1 (including)
Varnish_cache_plus | Varnish-software | 6.0.9-r2 (including) | 6.0.9-r2 (including)
Varnish_cache_plus | Varnish-software | 6.0.9-r3 (including) | 6.0.9-r3 (including)
Varnish_cache_plus | Varnish-software | 6.0.9-r4 (including) | 6.0.9-r4 (including)
Varnish_cache_plus | Varnish-software | 6.0.9-r5 (including) | 6.0.9-r5 (including)
Varnish_cache_plus | Varnish-software | 6.0.9-r6 (including) | 6.0.9-r6 (including)
Varnish_cache_plus | Varnish-software | 6.0.9-r7 (including) | 6.0.9-r7 (including)
Varnish_cache_plus | Varnish-software | 6.0.10-r1 (including) | 6.0.10-r1 (including)
Varnish_cache_plus | Varnish-software | 6.0.10-r2 (including) | 6.0.10-r2 (including)
Varnish_cache | Varnish_cache_project | 5.0.0 (including) | 6.0.11 (excluding)
Varnish_cache | Varnish_cache_project | 7.0.0 (including) | 7.1.2 (excluding)
Varnish_cache | Varnish_cache_project | 7.2.0 (including) | 7.2.0 (including)
Red Hat Enterprise Linux 8 | RedHat | varnish:6-8070020221114151716.bd1311ed | *
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | RedHat | varnish:6-8010020221114160433.c27ad7f8 | *
Red Hat Enterprise Linux 8.2 Advanced Update Support | RedHat | varnish:6-8020020221114155218.4cda2c84 | *
Red Hat Enterprise Linux 8.2 Telecommunications Update Service | RedHat | varnish:6-8020020221114155218.4cda2c84 | *
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions | RedHat | varnish:6-8020020221114155218.4cda2c84 | *
Red Hat Enterprise Linux 8.4 Extended Update Support | RedHat | varnish:6-8040020221114153543.522a0ee4 | *
Red Hat Enterprise Linux 8.6 Extended Update Support | RedHat | varnish:6-8060020221114152527.ad008a3a | *
Red Hat Enterprise Linux 9 | RedHat | varnish-0:6.6.2-2.el9_1.1 | *
Red Hat Enterprise Linux 9.0 Extended Update Support | RedHat | varnish-0:6.6.2-2.el9_0.1 | *
Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-varnish6-varnish-0:6.0.8-2.el7.2 | *
Varnish | Ubuntu | bionic | *
Varnish | Ubuntu | kinetic | *
Varnish | Ubuntu | lunar | *
Varnish | Ubuntu | mantic | *
Varnish | Ubuntu | trusty | *
Varnish | Ubuntu | trusty/esm | *
Varnish | Ubuntu | xenial | *

References