CVSS: 7.8EPSS: 0%CPEs: 63EXPL: 0CVE-2022-45060 – varnish: Request Forgery Vulnerability
https://notcve.org/view.php?id=CVE-2022-45060
09 Nov 2022 — An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected. Se descubrió un problema d... • https://docs.varnish-software.com/security/VSV00011 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.1EPSS: 0%CPEs: 10EXPL: 0CVE-2022-23959 – varnish: HTTP/1 request smuggling vulnerability
https://notcve.org/view.php?id=CVE-2022-23959
26 Jan 2022 — In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections. En Varnish Cache versiones anteriores a 6.6.2 y 7.x versiones anteriores a 7.0.2, Varnish Cache 6.0 LTS versiones anteriores a 6.0.10, y Varnish Enterprise (Cache Plus) 4.1.x versiones anteriores a 4.1.11r6 y 6.0.x versiones anteriores a 6.0.9r4, puede producirse contrabando de peti... • https://docs.varnish-software.com/security/VSV00008 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •