Lucene search
Varnish Cache Plus Security Vulnerabilities
cve
In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.
9.1CVSS
9AI Score
0.005EPSS
2022-01-26 01:15 AM
163
2
cve
An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce inva...
7.5CVSS
7.3AI Score
0.003EPSS
2022-11-09 06:15 AM
89
7