An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Varnish_cache | Varnish-software | 6.0.0 (including) | 6.0.11 (excluding) |
Varnish_cache_plus | Varnish-software | 6.0.0 (including) | 6.0.0 (including) |
Varnish_cache_plus | Varnish-software | 6.0.0-r0 (including) | 6.0.0-r0 (including) |
Varnish_cache_plus | Varnish-software | 6.0.0-r1 (including) | 6.0.0-r1 (including) |
Varnish_cache_plus | Varnish-software | 6.0.0-r2 (including) | 6.0.0-r2 (including) |
Varnish_cache_plus | Varnish-software | 6.0.1-r1 (including) | 6.0.1-r1 (including) |
Varnish_cache_plus | Varnish-software | 6.0.1-r2 (including) | 6.0.1-r2 (including) |
Varnish_cache_plus | Varnish-software | 6.0.1-r3 (including) | 6.0.1-r3 (including) |
Varnish_cache_plus | Varnish-software | 6.0.1-r4 (including) | 6.0.1-r4 (including) |
Varnish_cache_plus | Varnish-software | 6.0.1-r5 (including) | 6.0.1-r5 (including) |
Varnish_cache_plus | Varnish-software | 6.0.2-r1 (including) | 6.0.2-r1 (including) |
Varnish_cache_plus | Varnish-software | 6.0.3-r1 (including) | 6.0.3-r1 (including) |
Varnish_cache_plus | Varnish-software | 6.0.3-r2 (including) | 6.0.3-r2 (including) |
Varnish_cache_plus | Varnish-software | 6.0.3-r3 (including) | 6.0.3-r3 (including) |
Varnish_cache_plus | Varnish-software | 6.0.3-r4 (including) | 6.0.3-r4 (including) |
Varnish_cache_plus | Varnish-software | 6.0.3-r5 (including) | 6.0.3-r5 (including) |
Varnish_cache_plus | Varnish-software | 6.0.3-r6 (including) | 6.0.3-r6 (including) |
Varnish_cache_plus | Varnish-software | 6.0.3-r7 (including) | 6.0.3-r7 (including) |
Varnish_cache_plus | Varnish-software | 6.0.3-r8 (including) | 6.0.3-r8 (including) |
Varnish_cache_plus | Varnish-software | 6.0.3-r9 (including) | 6.0.3-r9 (including) |
Varnish_cache_plus | Varnish-software | 6.0.4-r1 (including) | 6.0.4-r1 (including) |
Varnish_cache_plus | Varnish-software | 6.0.4-r2 (including) | 6.0.4-r2 (including) |
Varnish_cache_plus | Varnish-software | 6.0.4-r3 (including) | 6.0.4-r3 (including) |
Varnish_cache_plus | Varnish-software | 6.0.5-r1 (including) | 6.0.5-r1 (including) |
Varnish_cache_plus | Varnish-software | 6.0.5-r2 (including) | 6.0.5-r2 (including) |
Varnish_cache_plus | Varnish-software | 6.0.5-r3 (including) | 6.0.5-r3 (including) |
Varnish_cache_plus | Varnish-software | 6.0.6-r1 (including) | 6.0.6-r1 (including) |
Varnish_cache_plus | Varnish-software | 6.0.6-r10 (including) | 6.0.6-r10 (including) |
Varnish_cache_plus | Varnish-software | 6.0.6-r2 (including) | 6.0.6-r2 (including) |
Varnish_cache_plus | Varnish-software | 6.0.6-r3 (including) | 6.0.6-r3 (including) |
Varnish_cache_plus | Varnish-software | 6.0.6-r4 (including) | 6.0.6-r4 (including) |
Varnish_cache_plus | Varnish-software | 6.0.6-r5 (including) | 6.0.6-r5 (including) |
Varnish_cache_plus | Varnish-software | 6.0.6-r6 (including) | 6.0.6-r6 (including) |
Varnish_cache_plus | Varnish-software | 6.0.6-r7 (including) | 6.0.6-r7 (including) |
Varnish_cache_plus | Varnish-software | 6.0.6-r8 (including) | 6.0.6-r8 (including) |
Varnish_cache_plus | Varnish-software | 6.0.6-r9 (including) | 6.0.6-r9 (including) |
Varnish_cache_plus | Varnish-software | 6.0.7-r1 (including) | 6.0.7-r1 (including) |
Varnish_cache_plus | Varnish-software | 6.0.7-r2 (including) | 6.0.7-r2 (including) |
Varnish_cache_plus | Varnish-software | 6.0.7-r3 (including) | 6.0.7-r3 (including) |
Varnish_cache_plus | Varnish-software | 6.0.8-r1 (including) | 6.0.8-r1 (including) |
Varnish_cache_plus | Varnish-software | 6.0.8-r2 (including) | 6.0.8-r2 (including) |
Varnish_cache_plus | Varnish-software | 6.0.8-r3 (including) | 6.0.8-r3 (including) |
Varnish_cache_plus | Varnish-software | 6.0.8-r4 (including) | 6.0.8-r4 (including) |
Varnish_cache_plus | Varnish-software | 6.0.8-r5 (including) | 6.0.8-r5 (including) |
Varnish_cache_plus | Varnish-software | 6.0.8-r6 (including) | 6.0.8-r6 (including) |
Varnish_cache_plus | Varnish-software | 6.0.8-r7 (including) | 6.0.8-r7 (including) |
Varnish_cache_plus | Varnish-software | 6.0.9-r1 (including) | 6.0.9-r1 (including) |
Varnish_cache_plus | Varnish-software | 6.0.9-r2 (including) | 6.0.9-r2 (including) |
Varnish_cache_plus | Varnish-software | 6.0.9-r3 (including) | 6.0.9-r3 (including) |
Varnish_cache_plus | Varnish-software | 6.0.9-r4 (including) | 6.0.9-r4 (including) |
Varnish_cache_plus | Varnish-software | 6.0.9-r5 (including) | 6.0.9-r5 (including) |
Varnish_cache_plus | Varnish-software | 6.0.9-r6 (including) | 6.0.9-r6 (including) |
Varnish_cache_plus | Varnish-software | 6.0.9-r7 (including) | 6.0.9-r7 (including) |
Varnish_cache_plus | Varnish-software | 6.0.10-r1 (including) | 6.0.10-r1 (including) |
Varnish_cache_plus | Varnish-software | 6.0.10-r2 (including) | 6.0.10-r2 (including) |
Varnish_cache | Varnish_cache_project | 5.0.0 (including) | 6.0.11 (excluding) |
Varnish_cache | Varnish_cache_project | 7.0.0 (including) | 7.1.2 (excluding) |
Varnish_cache | Varnish_cache_project | 7.2.0 (including) | 7.2.0 (including) |
Red Hat Enterprise Linux 8 | RedHat | varnish:6-8070020221114151716.bd1311ed | * |
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | RedHat | varnish:6-8010020221114160433.c27ad7f8 | * |
Red Hat Enterprise Linux 8.2 Advanced Update Support | RedHat | varnish:6-8020020221114155218.4cda2c84 | * |
Red Hat Enterprise Linux 8.2 Telecommunications Update Service | RedHat | varnish:6-8020020221114155218.4cda2c84 | * |
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions | RedHat | varnish:6-8020020221114155218.4cda2c84 | * |
Red Hat Enterprise Linux 8.4 Extended Update Support | RedHat | varnish:6-8040020221114153543.522a0ee4 | * |
Red Hat Enterprise Linux 8.6 Extended Update Support | RedHat | varnish:6-8060020221114152527.ad008a3a | * |
Red Hat Enterprise Linux 9 | RedHat | varnish-0:6.6.2-2.el9_1.1 | * |
Red Hat Enterprise Linux 9.0 Extended Update Support | RedHat | varnish-0:6.6.2-2.el9_0.1 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-varnish6-varnish-0:6.0.8-2.el7.2 | * |
Varnish | Ubuntu | bionic | * |
Varnish | Ubuntu | kinetic | * |
Varnish | Ubuntu | lunar | * |
Varnish | Ubuntu | mantic | * |
Varnish | Ubuntu | trusty | * |
Varnish | Ubuntu | trusty/esm | * |
Varnish | Ubuntu | xenial | * |