Bugzilla – Bug 1205243
VUL-0: CVE-2022-45059: varnish: HTTP request smuggling via hop-by-hop headers
Last modified: 2022-11-11 21:01:49 UTC
CVE-2022-45059

An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-by-hop, preventing the Varnish Cache servers from forwarding critical headers to the backend.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45059
https://www.cve.org/CVERecord?id=CVE-2022-45059
https://varnish-cache.org/security/VSV00010.html
This is an autogenerated message for OBS integration:
This bug (1205243) was mentioned in
https://build.opensuse.org/request/show/1034900 Backports:SLE-15-SP4 / varnish
https://build.opensuse.org/request/show/1034901 Backports:SLE-15-SP5 / varnish
openSUSE-SU-2022:10198-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1205242,1205243
CVE References: CVE-2022-45059,CVE-2022-45060
JIRA References:
Sources used:
openSUSE Backports SLE-15-SP4 (src): varnish-7.2.1-bp154.2.9.1