7.5 CVE-2022-45060

 

An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected.
https://nvd.nist.gov/vuln/detail/CVE-2022-45060

Categories

CWE-NVD-noinfo

References

FEDORA

FEDORA-2022-0d5dcc031e
Mailing List Third Party Advisory
FEDORA-2022-babfbc2622
Mailing List Third Party Advisory
FEDORA-2022-99c5ddb2ae
Mailing List Third Party Advisory


 

CPE

cpe start end
Configuration 1
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.8:r2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.8:r1:*:*:*:*:*:*
cpe:2.3:a:varnish_cache_project:varnish_cache:7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:* >= 7.0.0 < 7.1.2
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.10:r2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.0:-:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.0:r0:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.0:r1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.0:r2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.1:r1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.1:r2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.1:r3:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.1:r4:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.1:r5:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.2:r1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r3:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r4:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r5:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r6:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r7:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r8:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r9:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.4:r1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.4:r2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.4:r3:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.5:r1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.5:r2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.5:r3:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r10:*:*:*:*:*:*
cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:* >= 5.0.0 < 6.0.11
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r3:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r4:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r5:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r6:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r7:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r8:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r9:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.7:r1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.7:r2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.7:r3:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.8:r3:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.8:r4:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.8:r5:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.8:r6:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.8:r7:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.9:r1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.9:r2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.9:r3:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.9:r4:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.9:r5:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.9:r6:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.9:r7:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.10:r1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:lts:*:*:* >= 6.0.0 < 6.0.11
Configuration 2
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
Configuration 3
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Exploits

Exploit-db.com
id description date
No known exploits
Other (github, ...)
Url
No known exploits

CAPEC

id description severity
No entry
