Mageia 8: 2022-0434 Moderate: Varnish Cache HTTP Request Forgery
mageia
November 18, 2022
An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1
Summary
An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x
before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may
introduce characters through HTTP/2 pseudo-headers that are invalid in the
context of an HTTP/1 request line, causing the Varnish server to produce
invalid HTTP/1 requests to the backend. This could, in turn, be used to
exploit vulnerabilities in a server behind the Varnish server.
(CVE-2022-45060)
References
- https://bugs.mageia.org/show_bug.cgi?id=31121
-
- https://docs.varnish-software.com/security/VSV00011/
- https://www.cve.org/CVERecord?id=CVE-2022-45060
Topics Covered
Resolution
SRPMS
- 8/core/varnish-6.5.1-1.3.mga8
PREVIOUS
NEXT
Publication date: 18 Nov 2022
URL: https://advisories.mageia.org/MGASA-2022-0434.html
Type: security
CVE: CVE-2022-45060
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!