CVE-2022-23959
Published Jan 26, 2022
Last updated a year ago
Overview
- Description
- In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.1
- Impact score
- 5.2
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 6.4
- Impact score
- 4.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-444
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:varnish-software:varnich_cache:*:*:*:*:-:*:*:*",
"vulnerable": true,
"matchCriteriaId": "46189326-29F3-4641-ADB0-5355B69776D1",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "1.0.0"
},
{
"criteria": "cpe:2.3:a:varnish-software:varnich_cache:*:*:*:*:plus:*:*:*",
"vulnerable": true,
"matchCriteriaId": "409748DC-967D-4843-8FE4-E06F75A4B459",
"versionEndExcluding": "4.1.11r6",
"versionStartIncluding": "4.1.1"
},
{
"criteria": "cpe:2.3:a:varnish-software:varnich_cache:4.1:*:*:*:lts:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9EE19451-5DA3-4F4B-B972-13ED93EE4446"
},
{
"criteria": "cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:lts:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5C4F2BA4-3275-4365-9F41-0D04320C383A",
"versionEndExcluding": "6.0.10",
"versionStartIncluding": "6.0.0"
},
{
"criteria": "cpe:2.3:a:varnish-software:varnish_cache_plus:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "16AE4401-F65C-4246-98AA-AAAAEFA97D73",
"versionEndExcluding": "6.0.9r4",
"versionStartIncluding": "6.0.0"
},
{
"criteria": "cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1E0E1405-62BB-446D-A04B-0A312FB81E3E",
"versionEndExcluding": "7.0.2",
"versionStartIncluding": "7.0.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
}
],
"operator": "OR"
}
]
}
]