7.5 CVE-2022-45060

Ein HTTP Request Forgery Problem wurde in Varnish Cache 5.x und 6.x vor 6.0.11, 7.x vor 7.1.2 und 7.2.x vor 7.2.1 entdeckt. Ein Angreifer kann über HTTP/2-Pseudo-Header Zeichen einführen, die im Kontext einer HTTP/1-Anfragezeile ungültig sind, was den Varnish-Server dazu veranlasst, ungültige HTTP/1-Anfragen an das Backend zu stellen. Dies könnte wiederum genutzt werden, um Schwachstellen in einem Server hinter dem Varnish-Server auszunutzen. Hinweis: Die 6.0.x LTS-Serie (vor 6.0.11) ist betroffen.
https://nvd.nist.gov/vuln/detail/CVE-2022-45060

Kategorien

CWE-NVD-noinfo

Referenzen

FEDORA

FEDORA-2022-0d5dcc031e Mailing List Third Party Advisory
FEDORA-2022-babfbc2622 Mailing List Third Party Advisory
FEDORA-2022-99c5ddb2ae Mailing List Third Party Advisory

MISC

https://docs.varnish-software.com/security/VSV00011 Mitigation Vendor Advisory
https://varnish-cache.org/security/VSV00011.html Mitigation Vendor Advisory

_MLIST

[debian-lts-announce] 20221127 [SECURITY] [DLA 3208-1] varnish security update Mailing List Third Party Advisory

CPE

cpe	start	ende
Configuration 1
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.8:r2::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.8:r1::::::
cpe:2.3:a:varnish_cache_project:varnish_cache:7.2.0:::::::*
cpe:2.3:a:varnish_cache_project:varnish_cache::::::::	>= 7.0.0	< 7.1.2
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.10:r2::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.0:-::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.0:r0::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.0:r1::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.0:r2::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.1:r1::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.1:r2::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.1:r3::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.1:r4::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.1:r5::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.2:r1::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r1::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r2::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r3::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r4::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r5::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r6::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r7::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r8::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r9::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.4:r1::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.4:r2::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.4:r3::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.5:r1::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.5:r2::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.5:r3::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r1::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r10::::::
cpe:2.3:a:varnish_cache_project:varnish_cache::::::::	>= 5.0.0	< 6.0.11
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r2::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r3::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r4::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r5::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r6::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r7::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r8::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r9::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.7:r1::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.7:r2::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.7:r3::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.8:r3::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.8:r4::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.8:r5::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.8:r6::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.8:r7::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.9:r1::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.9:r2::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.9:r3::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.9:r4::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.9:r5::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.9:r6::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.9:r7::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.10:r1::::::
cpe:2.3:a:varnish-software:varnish_cache:::::lts:::*	>= 6.0.0	< 6.0.11
Configuration 2
cpe:2.3:o:fedoraproject:fedora:35:::::::*
cpe:2.3:o:fedoraproject:fedora:36:::::::*
cpe:2.3:o:fedoraproject:fedora:37:::::::*
Configuration 3
cpe:2.3:o:debian:debian_linux:10.0:::::::*

Exploits

Exploit-db.com

id	beschreibung	datum
Keine bekannten Exploits

Andere (github, ...)

Url
Keine bekannten Exploits

CAPEC

id	beschreibung	schweregrad
Kein Eintrag

Sherlock® flash

Machen Sie mit wenigen Klicks ein Foto von Ihrem Computernetzwerk !

Mit der Sherlock® flash Audit-Lösung können Sie ein Audit durchführen, um die Sicherheit Ihres Computerbestands zu erhöhen. Scannen Sie Ihre physischen und virtuellen Geräte auf Schwachstellen. Planung von Patches nach Priorität und verfügbarer Zeit. Detaillierte und intuitive Berichte.

Entdecke dieses Angebot

Sherlock® flash: Erste Lösung für sofortige Cybersicherheitsprüfung

cpe	start	ende
Configuration 1
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.8:r2::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.8:r1::::::
cpe:2.3:a:varnish_cache_project:varnish_cache:7.2.0:::::::*
cpe:2.3:a:varnish_cache_project:varnish_cache::::::::	>= 7.0.0	< 7.1.2
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.10:r2::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.0:-::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.0:r0::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.0:r1::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.0:r2::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.1:r1::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.1:r2::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.1:r3::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.1:r4::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.1:r5::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.2:r1::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r1::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r2::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r3::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r4::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r5::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r6::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r7::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r8::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r9::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.4:r1::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.4:r2::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.4:r3::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.5:r1::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.5:r2::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.5:r3::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r1::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r10::::::
cpe:2.3:a:varnish_cache_project:varnish_cache::::::::	>= 5.0.0	< 6.0.11
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r2::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r3::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r4::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r5::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r6::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r7::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r8::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r9::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.7:r1::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.7:r2::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.7:r3::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.8:r3::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.8:r4::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.8:r5::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.8:r6::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.8:r7::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.9:r1::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.9:r2::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.9:r3::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.9:r4::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.9:r5::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.9:r6::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.9:r7::::::
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.10:r1::::::
cpe:2.3:a:varnish-software:varnish_cache:::::lts:::*	>= 6.0.0	< 6.0.11
Configuration 2
cpe:2.3:o:fedoraproject:fedora:35:::::::*
cpe:2.3:o:fedoraproject:fedora:36:::::::*
cpe:2.3:o:fedoraproject:fedora:37:::::::*
Configuration 3
cpe:2.3:o:debian:debian_linux:10.0:::::::*