Vulnerability Details CVE-2021-36740
Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 38.0%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 6.4
References
- https://docs.varnish-software.com/security/VSV00007/
- https://github.com/varnishcache/varnish-cache/commit/82b0a629f60136e76112c6f2c6372cce77b683be
- https://github.com/varnishcache/varnish-cache/commit/9be22198e258d0e7a5c41f4291792214a29405cf
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/THV2DQA2GS65HUCKK4KSD2XLN3AAQ2V5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZHBNLDEOTGYRIEQZBWV7F6VPYS4O2AAK/
- https://varnish-cache.org/security/VSV00007.html
- https://www.debian.org/security/2022/dsa-5088
- https://docs.varnish-software.com/security/VSV00007/
- https://github.com/varnishcache/varnish-cache/commit/82b0a629f60136e76112c6f2c6372cce77b683be
- https://github.com/varnishcache/varnish-cache/commit/9be22198e258d0e7a5c41f4291792214a29405cf
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/THV2DQA2GS65HUCKK4KSD2XLN3AAQ2V5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZHBNLDEOTGYRIEQZBWV7F6VPYS4O2AAK/
- https://varnish-cache.org/security/VSV00007.html
- https://www.debian.org/security/2022/dsa-5088
Products affected by CVE-2021-36740
-
cpe:2.3:a:varnish-cache:varnish_cache:*
-
cpe:2.3:a:varnish-cache:varnish_cache:6.0.8
-
cpe:2.3:a:varnish-software:varnish_cache:6.0.0
-
cpe:2.3:a:varnish-software:varnish_cache:6.0.1
-
cpe:2.3:a:varnish-software:varnish_cache:6.0.2
-
cpe:2.3:a:varnish-software:varnish_cache:6.0.3
-
cpe:2.3:a:varnish-software:varnish_cache:6.0.4
-
cpe:2.3:a:varnish-software:varnish_cache:6.0.5
-
cpe:2.3:a:varnish-software:varnish_cache:6.0.6
-
cpe:2.3:a:varnish-software:varnish_cache:6.0.7
-
cpe:2.3:a:varnish_cache_project:varnish_cache:5.0.0
-
cpe:2.3:a:varnish_cache_project:varnish_cache:5.1.0
-
cpe:2.3:a:varnish_cache_project:varnish_cache:5.1.1
-
cpe:2.3:a:varnish_cache_project:varnish_cache:5.1.2
-
cpe:2.3:a:varnish_cache_project:varnish_cache:5.1.3
-
cpe:2.3:a:varnish_cache_project:varnish_cache:5.2.0
-
cpe:2.3:a:varnish_cache_project:varnish_cache:5.2.1
-
cpe:2.3:a:varnish_cache_project:varnish_cache:6.1.0
-
cpe:2.3:a:varnish_cache_project:varnish_cache:6.1.1
-
cpe:2.3:a:varnish_cache_project:varnish_cache:6.2.0
-
cpe:2.3:a:varnish_cache_project:varnish_cache:6.2.1
-
cpe:2.3:a:varnish_cache_project:varnish_cache:6.2.2
-
cpe:2.3:a:varnish_cache_project:varnish_cache:6.2.3
-
cpe:2.3:a:varnish_cache_project:varnish_cache:6.3.0
-
cpe:2.3:a:varnish_cache_project:varnish_cache:6.3.1
-
cpe:2.3:a:varnish_cache_project:varnish_cache:6.3.2
-
cpe:2.3:a:varnish_cache_project:varnish_cache:6.4.0
-
cpe:2.3:a:varnish_cache_project:varnish_cache:6.5.0
-
cpe:2.3:a:varnish_cache_project:varnish_cache:6.5.1
-
cpe:2.3:a:varnish_cache_project:varnish_cache:6.5.2
-
cpe:2.3:a:varnish_cache_project:varnish_cache:6.6.0
-
cpe:2.3:o:debian:debian_linux:10.0
-
cpe:2.3:o:debian:debian_linux:11.0
-
cpe:2.3:o:fedoraproject:fedora:33
-
cpe:2.3:o:fedoraproject:fedora:34