Unrated severity · NVD Advisory · Published Nov 9, 2022 · Updated May 1, 2025
CVE-2022-45059
Description
An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-by-hop, preventing the Varnish Cache servers from forwarding critical headers to the backend.
Affected products (14)
- Varnish Cache/Varnish Cache (description)
- Range: >=7.0.0 <7.1.2, >=7.2.0 <7.2.1
- osv-coords (12 versions)
  - pkg:bitnami/varnish (no CPE), range: >= 7.0.0, < 7.1.2
  - pkg:deb/ubuntu/varnish@3.0.5-2ubuntu0.1?arch=source&distro=esm-infra-legacy/trusty (no CPE), range: >= 0
  - pkg:deb/ubuntu/varnish@4.1.1-1ubuntu0.2+esm1?arch=source&distro=esm-apps/xenial (no CPE), range: >= 0
  - pkg:deb/ubuntu/varnish@5.2.1-1ubuntu0.1?arch=source&distro=esm-apps/bionic (no CPE), range: >= 0
  - pkg:deb/ubuntu/varnish@6.2.1-2ubuntu0.2?arch=source&distro=focal (no CPE), range: >= 0
  - pkg:deb/ubuntu/varnish@6.6.1-1ubuntu0.2?arch=source&distro=jammy (no CPE), range: >= 0
  - pkg:deb/ubuntu/varnish@7.1.1-1.1ubuntu1?arch=source&distro=noble (no CPE), range: >= 0
  - pkg:deb/ubuntu/varnish@7.5.0-3?arch=source&distro=oracular (no CPE), range: >= 0
  - pkg:rpm/opensuse/varnish&distro=openSUSE%20Leap%2015.4 (no CPE), range: < 7.2.1-bp154.2.9.1
  - pkg:rpm/opensuse/varnish&distro=openSUSE%20Tumbleweed (no CPE), range: < 7.2.1-1.1
  - pkg:rpm/opensuse/vinyl-cache&distro=openSUSE%20Tumbleweed (no CPE), range: < 9.0.0-1.1
  - pkg:rpm/suse/varnish&distro=SUSE%20Package%20Hub%2015%20SP4 (no CPE), range: < 7.2.1-bp154.2.9.1
References (4)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6ZMOZVBLZXHEV5VRW4I4SOWLQEK5OF5/ (mitre, vendor-advisory)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4KVVCIQVINQQ2D7ORNARSYALMJUMP3I/ (mitre, vendor-advisory)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGF6LFTHXCSYMYUX5HLMVXQH3WHCSFLU/ (mitre, vendor-advisory)
- varnish-cache.org/security/VSV00010.html (mitre)