vulnerability
FreeBSD: VID-5b8d8dee-6088-11ed-8c5e-641c67a117d8: varnish -- HTTP/2 Request Forgery Vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:C/A:N) | Nov 9, 2022 | Nov 10, 2022 | Dec 10, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published
Nov 9, 2022
Added
Nov 10, 2022
Modified
Dec 10, 2025
Description
Varnish Cache Project reports: A request forgery attack can be performed on Varnish Cache servers that have the HTTP/2 protocol turned on. An attacker may introduce characters through the HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This may in turn be used to successfully exploit vulnerabilities in a server behind the Varnish server.
Solutions
freebsd-upgrade-package-varnish7freebsd-upgrade-package-varnish6
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.