29 matches found
MiracleLinux 7 : rh-varnish6-varnish-6.0.8-2.el7.1 (AXSA:2022-3192:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3192:01 advisory. varnish: HTTP/1 request smuggling vulnerability CVE-2022-23959 Tenable has extracted the preceding description block directly from the MiracleLinux security...
TencentOS Server 3: varnish:6 (TSSA-2022:0024)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0024 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Fedora 36 : varnish (2022-d77f991ed2)
The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-d77f991ed2 advisory. Automatic update for varnish-7.0.2-1.fc36. Changelog Wed Jan 26 2022 Ingvar Hagelund - 7.0.2-1 - New upstream release. A security release - Includes fix for...
Important: varnish
Issue Overview: A flaw was found in Varnish. This flaw allows an attacker to carry out a request smuggling attack on HTTP/1 connections on Varnish cache servers. This smuggled request goes through the usual Varnish Configuration Language VCL processing since the Varnish server treats it as an...
openSUSE 15 Security Update : varnish (openSUSE-SU-2022:0148-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0148-1 advisory. - Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST...
RHEL 7 : rh-varnish6-varnish (RHSA-2022:4745)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:4745 advisory. Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and ov...
Important: Red Hat Security Advisory: rh-varnish6-varnish security update
An update for rh-varnish6-varnish is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
AlmaLinux 8 : varnish:6 (ALSA-2022:0418)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:0418 advisory. varnish: HTTP/1 request smuggling vulnerability CVE-2022-23959 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory...
Debian: Security Advisory (DSA-5088-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-5088-1 : varnish - security update
The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5088 advisory. - Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affect...
[SECURITY] [DSA 5088-1] varnish security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5088-1 [email protected] https://www.debian.org/security/ Florian Weimer March 03, 2022 https://www.debian.org/security/faq -...
Mageia: Security Advisory (MGASA-2022-0079)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated varnish packages fix security vulnerability
In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and Varnish Enterprise Cache Plus 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections. CVE-2022-23959...
[SECURITY] [DLA 2920-1] varnish security update
Debian LTS Advisory DLA-2920-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany February 14, 2022 https://wiki.debian.org/LTS Package : varnish Version : 5.0.0-7+deb9u3 CVE ID : CVE-2022-23959 Debian Bug : 1004433 James Kettle discovered that a request smuggling...
CentOS 8 : varnish:6 (CESA-2022:0418)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2022:0418 advisory. - varnish: HTTP/1 request smuggling vulnerability CVE-2022-23959 Note that Nessus has not tested for this issue but has instead relied only on the application's...
Important: Red Hat Security Advisory: varnish:6 security update
An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
RLSA-2022:0418 Important: varnish:6 security update
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. Security Fixes: varnish: HTTP/1 request smuggling vulnerability CVE-2022-23959 For more details...
ALSA-2022:0418 Important: varnish:6 security update
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. Security Fixes: varnish: HTTP/1 request smuggling vulnerability CVE-2022-23959 For more details...
varnish:6 security update
varnish 6.0.8-1.1 - Resolves: 2047648 - CVE-2022-23959 varnish:6/varnish: Varnish HTTP/1 Request Smuggling Vulnerability varnish-modules 0.15.0-6 - Related: 1982862 - rebuild for new varnish version...
RHEL 8 : varnish:6 (RHSA-2022:0421)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0421 advisory. Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and ov...