CVE-2022-45059 PoC - Varnish Cache Environment Issue Vulnerability

Associated Vulnerability
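Title: Varnish Cache environment issue vulnerability (CVE-2022-45059)
Description: Varnish Cache is a reverse-proxy web cache server. Varnish Cache 7.x versions before 7.1.2 and 7.2.x versions before 7.2.1 contain an environment issue vulnerability. An attacker can exploit this vulnerability to bypass host-based request routing in VCL.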
Readme
# CVE-2022-45059-demo

Varnish Cache releases 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.1.0, 7.1.1 and 7.2.0 have a request smuggling vulnerability: an attacker can request that the `Content-Length` header be made hop-by-hop.
This is a demo consisting of a Spring Boot web application running behind a vulnerable version of Varnish Cache.
A "victim" sends requests to the application every 5 seconds, and the goal is to steal the victim's cookies.
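
A defender-side check for the condition described above, as an added example that is not part of the original README or the demo repository: it flags requests whose `Connection` header nominates `Content-Length` (or `Host`) as hop-by-hop, including when the nomination is split across several `Connection` lines. `Transfer-Encoding` in the protected set, the `/comments` path and the sample requests are assumptions constructed for illustration.

```python
# Added example: detect requests asking a proxy to treat end-to-end headers
# as hop-by-hop via the Connection header. All sample requests are constructed.

# Headers a proxy must not strip on a client's request. Content-Length is the
# header named in the README; Host matches the routing bypass in the
# description; Transfer-Encoding is an assumption added for defence in depth.
PROTECTED = {"content-length", "host", "transfer-encoding"}


def parse_head(raw: bytes) -> list[tuple[str, str]]:
    """Split a raw HTTP/1.1 request head into (lower-cased name, value) pairs."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def nominated_hop_by_hop(headers) -> set[str]:
    """Collect every token listed across all Connection header lines."""
    tokens = set()
    for name, value in headers:
        if name == "connection":
            tokens.update(t.strip().lower() for t in value.split(",") if t.strip())
    return tokens


def suspicious_headers(raw: bytes) -> set[str]:
    """Return the protected headers the client asked the proxy to drop."""
    return nominated_hop_by_hop(parse_head(raw)) & PROTECTED


# Constructed samples (path and bodies are hypothetical).
BENIGN = (b"POST /comments HTTP/1.1\r\nHost: localhost\r\n"
          b"Connection: keep-alive\r\nContent-Length: 2\r\n\r\n{}")
FLAGGED = (b"POST /comments HTTP/1.1\r\nHost: localhost\r\n"
           b"Connection: keep-alive, Content-Length\r\nContent-Length: 2\r\n\r\n{}")
SPLIT = (b"GET / HTTP/1.1\r\nHost: localhost\r\n"
         b"Connection: close\r\nConnection: HOST\r\n\r\n")

if __name__ == "__main__":
    for label, req in [("benign", BENIGN), ("flagged", FLAGGED), ("split", SPLIT)]:
        hits = suspicious_headers(req)
        print(label, "->", sorted(hits) if hits else "ok")
```

A non-empty result is a reason to reject the request with a 400 at the edge or to alert on it in access-log review.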

## Running the application

### Option 1 - Using prebuilt images
```
docker compose up
```
View the website at: http://localhost

### Option 2 - Build the images yourself
```
docker build -t <TAG_NAME> frontend
docker build -t <TAG_NAME> backend
docker build -t <TAG_NAME> victim
```
Update `docker-compose.yml` with your images and run `docker compose up`.  
View the website at: http://localhost

## Packet capture

Packet capturing is enabled on the backend and the pcap file is written to `./capture/backend.pcap`.