EUVD-2022-28875

Malicious code in bioql PyPI...

BIT-VARNISH-2022-23959

In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise Cache Plus 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections...

Amazon Linux AMI : varnish (ALAS-2022-1632)

The version of varnish installed on the remote host is prior to 4.0.5-3.23. It is, therefore, affected by a vulnerability as referenced in the ALAS-2022-1632 advisory. A flaw was found in Varnish. This flaw allows an attacker to carry out a request smuggling attack on HTTP/1 connections on Varnis...

AlmaLinux 8 : varnish:6 (ALSA-2022:0418)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:0418 advisory. varnish: HTTP/1 request smuggling vulnerability CVE-2022-23959 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory...

Updated varnish packages fix security vulnerability

In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and Varnish Enterprise Cache Plus 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections. CVE-2022-23959...

Debian DLA-2920-1 : varnish - LTS security update

The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2920 advisory. James Kettle discovered that a request smuggling attack can be performed on HTTP/1 connections on Varnish servers, high-performance web accelerators. The smuggled request...

FreeBSD : varnish -- Request Smuggling Vulnerability (b0c83e1a-8153-11ec-84f9-641c67a117d8)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the b0c83e1a-8153-11ec-84f9-641c67a117d8 advisory. - In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and...

HTTP Request Smuggling (HRS)

varnish is vulnerable to HTTP request smuggling. The vulnerability exists due to a lack of sanitization in the HTTP/1 connections...

CVE-2022-23959

In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise Cache Plus 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections...

CVE-2022-23959

In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise Cache Plus 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections...

CVE-2022-23959

In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise Cache Plus 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections...

varnish -- Request Smuggling Vulnerability

Varnish Cache Project reports: A request smuggling attack can be performed on HTTP/1 connections on Varnish Cache servers. The smuggled request would be treated as an additional request by the Varnish server, go through normal VCL processing, and injected as a spurious response on the client...