Bugzilla – Bug 1205243
VUL-0: CVE-2022-45059: varnish: HTTP request smuggling via hop-by-hop headers
Last modified: 2022-11-11 21:01:49 UTC
An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before
7.2.1. A request smuggling attack can be performed on Varnish Cache servers by
requesting that certain headers are made hop-by-hop, preventing the Varnish
Cache servers from forwarding critical headers to the backend.
This is an autogenerated message for OBS integration:
This bug (1205243) was mentioned in
https://build.opensuse.org/request/show/1034900 Backports:SLE-15-SP4 / varnish
https://build.opensuse.org/request/show/1034901 Backports:SLE-15-SP5 / varnish
openSUSE-SU-2022:10198-1: An update that fixes two vulnerabilities is now available.
Category: security (important)
Bug References: 1205242,1205243
CVE References: CVE-2022-45059,CVE-2022-45060
openSUSE Backports SLE-15-SP4 (src): varnish-7.2.1-bp188.8.131.52