Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Varnish Cache 安全漏洞
Vulnerability Description
Varnish Cache是一套反向网站缓存服务器。 Varnish Cache 5.x版本、6.x版本至6.0.11之前版本、7.x版本至7.1.2之前版本、7.2.x版本至7.2.1之前版本存在安全漏洞。攻击者利用该漏洞通过HTTP/2 pseudo-headers引入在HTTP/1请求中无效的字符,导致Varnish服务器向后端产生无效的HTTP/1请求。
CVSS Information
N/A
Vulnerability Type
N/A