PT-2022-27394 · Unknown · Varnish Cache
Martin Van Kervel Smedshammer · Published 2022-11-09 · Updated 2026-05-11
CVE-2022-45059
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Varnish Cache versions 7.0.0 through 7.1.1
Varnish Cache version 7.2.0
Description
An issue was discovered in Varnish Cache that allows a request smuggling attack against Varnish Cache servers. A request can ask for certain headers to be treated as hop-by-hop, which prevents the Varnish Cache server from forwarding critical headers to the backend.
Recommendations
For Varnish Cache versions 7.0.0 through 7.1.1, update to version 7.1.2 or later.
For Varnish Cache version 7.2.0, update to version 7.2.1 or later.
Fix
HTTP Request/Response Smuggling
Affected Products
Varnish Cache