vulnerability
FreeBSD: VID-b10d1afa-6087-11ed-8c5e-641c67a117d8: varnish -- Request Smuggling Vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:C/A:N) | Nov 9, 2022 | Nov 10, 2022 | Dec 10, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published
Nov 9, 2022
Added
Nov 10, 2022
Modified
Dec 10, 2025
Description
Varnish Cache Project reports: A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-by-hop, preventing the Varnish Cache servers from forwarding critical headers to the backend. Among the headers that can be filtered this way are both Content-Length and Host, making it possible for an attacker to both break the HTTP/1 protocol framing, and bypass request to host routing in VCL.
Solution
freebsd-upgrade-package-varnish7
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.