Vulnerability Details CVE-2022-23959
In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 48.5%
CVSS Severity
CVSS v3 Score 9.1
CVSS v2 Score 6.4
References
- https://docs.varnish-software.com/security/VSV00008/
- https://lists.debian.org/debian-lts-announce/2022/02/msg00014.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UMMDMQWNAE3BTSZUHXQHVAMZC5TLHLYT/
- https://varnish-cache.org/security/VSV00008.html
- https://www.debian.org/security/2022/dsa-5088
- https://docs.varnish-software.com/security/VSV00008/
- https://lists.debian.org/debian-lts-announce/2022/02/msg00014.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UMMDMQWNAE3BTSZUHXQHVAMZC5TLHLYT/
- https://varnish-cache.org/security/VSV00008.html
- https://www.debian.org/security/2022/dsa-5088
Products affected by CVE-2022-23959
-
cpe:2.3:a:varnish-software:varnich_cache:1.0.1
-
cpe:2.3:a:varnish-software:varnich_cache:1.0.2
-
cpe:2.3:a:varnish-software:varnich_cache:1.0.3
-
cpe:2.3:a:varnish-software:varnich_cache:1.0.4
-
cpe:2.3:a:varnish-software:varnich_cache:1.1
-
cpe:2.3:a:varnish-software:varnich_cache:1.1.1
-
cpe:2.3:a:varnish-software:varnich_cache:1.1.2
-
cpe:2.3:a:varnish-software:varnich_cache:2.0
-
cpe:2.3:a:varnish-software:varnich_cache:2.0.1
-
cpe:2.3:a:varnish-software:varnich_cache:2.0.2
-
cpe:2.3:a:varnish-software:varnich_cache:2.0.3
-
cpe:2.3:a:varnish-software:varnich_cache:2.0.4
-
cpe:2.3:a:varnish-software:varnich_cache:2.0.5
-
cpe:2.3:a:varnish-software:varnich_cache:2.0.6
-
cpe:2.3:a:varnish-software:varnich_cache:2.1.0
-
cpe:2.3:a:varnish-software:varnich_cache:2.1.1
-
cpe:2.3:a:varnish-software:varnich_cache:2.1.2
-
cpe:2.3:a:varnish-software:varnich_cache:2.1.3
-
cpe:2.3:a:varnish-software:varnich_cache:2.1.4
-
cpe:2.3:a:varnish-software:varnich_cache:2.1.5
-
cpe:2.3:a:varnish-software:varnich_cache:3.0.0
-
cpe:2.3:a:varnish-software:varnich_cache:3.0.1
-
cpe:2.3:a:varnish-software:varnich_cache:3.0.2
-
cpe:2.3:a:varnish-software:varnich_cache:3.0.3
-
cpe:2.3:a:varnish-software:varnich_cache:3.0.4
-
cpe:2.3:a:varnish-software:varnich_cache:3.0.5
-
cpe:2.3:a:varnish-software:varnich_cache:3.0.6
-
cpe:2.3:a:varnish-software:varnich_cache:3.0.7
-
cpe:2.3:a:varnish-software:varnich_cache:4.0.0
-
cpe:2.3:a:varnish-software:varnich_cache:4.0.1
-
cpe:2.3:a:varnish-software:varnich_cache:4.0.2
-
cpe:2.3:a:varnish-software:varnich_cache:4.0.3
-
cpe:2.3:a:varnish-software:varnich_cache:4.0.4
-
cpe:2.3:a:varnish-software:varnich_cache:4.0.5
-
cpe:2.3:a:varnish-software:varnich_cache:4.1
-
cpe:2.3:a:varnish-software:varnich_cache:4.1.0
-
cpe:2.3:a:varnish-software:varnich_cache:4.1.1
-
cpe:2.3:a:varnish-software:varnich_cache:4.1.10
-
cpe:2.3:a:varnish-software:varnich_cache:4.1.11
-
cpe:2.3:a:varnish-software:varnich_cache:4.1.11r5
-
cpe:2.3:a:varnish-software:varnich_cache:4.1.2
-
cpe:2.3:a:varnish-software:varnich_cache:4.1.3
-
cpe:2.3:a:varnish-software:varnich_cache:4.1.4
-
cpe:2.3:a:varnish-software:varnich_cache:4.1.5
-
cpe:2.3:a:varnish-software:varnich_cache:4.1.6
-
cpe:2.3:a:varnish-software:varnich_cache:4.1.7
-
cpe:2.3:a:varnish-software:varnich_cache:4.1.8
-
cpe:2.3:a:varnish-software:varnich_cache:4.1.9
-
cpe:2.3:a:varnish-software:varnich_cache:5.0.0
-
cpe:2.3:a:varnish-software:varnich_cache:5.1.0
-
cpe:2.3:a:varnish-software:varnich_cache:5.1.1
-
cpe:2.3:a:varnish-software:varnich_cache:5.1.2
-
cpe:2.3:a:varnish-software:varnich_cache:5.1.3
-
cpe:2.3:a:varnish-software:varnich_cache:5.2.0
-
cpe:2.3:a:varnish-software:varnich_cache:5.2.1
-
cpe:2.3:a:varnish-software:varnich_cache:6.0.0
-
cpe:2.3:a:varnish-software:varnich_cache:6.0.1
-
cpe:2.3:a:varnish-software:varnich_cache:6.0.10
-
cpe:2.3:a:varnish-software:varnich_cache:6.0.2
-
cpe:2.3:a:varnish-software:varnich_cache:6.0.3
-
cpe:2.3:a:varnish-software:varnich_cache:6.0.4
-
cpe:2.3:a:varnish-software:varnich_cache:6.0.5
-
cpe:2.3:a:varnish-software:varnich_cache:6.0.6
-
cpe:2.3:a:varnish-software:varnich_cache:6.0.7
-
cpe:2.3:a:varnish-software:varnich_cache:6.0.8
-
cpe:2.3:a:varnish-software:varnich_cache:6.0.9
-
cpe:2.3:a:varnish-software:varnich_cache:6.1.0
-
cpe:2.3:a:varnish-software:varnich_cache:6.1.1
-
cpe:2.3:a:varnish-software:varnich_cache:6.2.0
-
cpe:2.3:a:varnish-software:varnich_cache:6.2.1
-
cpe:2.3:a:varnish-software:varnich_cache:6.2.2
-
cpe:2.3:a:varnish-software:varnich_cache:6.2.3
-
cpe:2.3:a:varnish-software:varnich_cache:6.3.0
-
cpe:2.3:a:varnish-software:varnich_cache:6.3.1
-
cpe:2.3:a:varnish-software:varnich_cache:6.3.2
-
cpe:2.3:a:varnish-software:varnich_cache:6.4.0
-
cpe:2.3:a:varnish-software:varnich_cache:6.5.0
-
cpe:2.3:a:varnish-software:varnich_cache:6.5.1
-
cpe:2.3:a:varnish-software:varnich_cache:6.5.2
-
cpe:2.3:a:varnish-software:varnich_cache:6.6.0
-
cpe:2.3:a:varnish-software:varnich_cache:6.6.1
-
cpe:2.3:a:varnish-software:varnish_cache:6.0.0
-
cpe:2.3:a:varnish-software:varnish_cache:6.0.1
-
cpe:2.3:a:varnish-software:varnish_cache:6.0.2
-
cpe:2.3:a:varnish-software:varnish_cache:6.0.3
-
cpe:2.3:a:varnish-software:varnish_cache:6.0.4
-
cpe:2.3:a:varnish-software:varnish_cache:6.0.5
-
cpe:2.3:a:varnish-software:varnish_cache:6.0.6
-
cpe:2.3:a:varnish-software:varnish_cache:6.0.7
-
cpe:2.3:a:varnish-software:varnish_cache:6.0.8
-
cpe:2.3:a:varnish-software:varnish_cache:6.0.9
-
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.0
-
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.1
-
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.2
-
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3
-
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.4
-
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.5
-
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6
-
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.7
-
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.8
-
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.9
-
cpe:2.3:a:varnish_cache_project:varnish_cache:7.0.0
-
cpe:2.3:a:varnish_cache_project:varnish_cache:7.0.1
-
cpe:2.3:o:debian:debian_linux:10.0
-
cpe:2.3:o:debian:debian_linux:11.0
-
cpe:2.3:o:debian:debian_linux:9.0
-
cpe:2.3:o:fedoraproject:fedora:35