Description
In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.
References (5)
Scores
CVSS v3: 9.1
EPSS: 0.0035
EPSS Percentile: 57.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Details
CWE: CWE-444
Status: published
Products (10)
debian/debian_linux: 9.0
debian/debian_linux: 10.0
debian/debian_linux: 11.0
fedoraproject/fedora: 35
varnish-software/varnich_cache: 4.1
varnish-software/varnich_cache: 1.0.0 - 6.6.2
varnish-software/varnich_cache: 4.1.1 - 4.1.11r6
varnish-software/varnish_cache: 6.0.0 - 6.0.10
varnish-software/varnish_cache_plus: 6.0.0 - 6.0.9r4
varnish_cache_project/varnish_cache: 7.0.0 - 7.0.2
Published: Jan 26, 2022
Tracked Since: Feb 18, 2026