An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected.
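The kind of check this issue calls for, as an added example that is not Varnish's code or its patch: before HTTP/2 pseudo-headers are written into an HTTP/1 request line, `:method` and `:path` are validated against the HTTP/1 grammar and the request is refused otherwise. The function names and sample values are assumptions constructed for illustration, and only origin-form targets and `*` are handled.

```python
import re

# RFC 9110 "token": the only characters an HTTP/1 method may contain.
TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
# Anything outside visible ASCII (space, tab, CR, LF, NUL, DEL, 8-bit)
# would split or corrupt "METHOD SP target SP version CRLF".
NOT_VISIBLE_ASCII = re.compile(r"[^\x21-\x7e]")

# Constructed sample inputs (not captured traffic).
SAMPLES = [
    {":method": "GET", ":path": "/index.html"},
    {":method": "GET", ":path": "/a b"},
    {":method": "GET\tX", ":path": "/"},
]


def check_pseudo_headers(headers):
    """Return the reasons a request cannot be written safely as an
    HTTP/1 request line; an empty list means it can."""
    problems = []
    method = headers.get(":method", "")
    path = headers.get(":path", "")
    if not TOKEN.fullmatch(method):
        problems.append(":method is not an RFC 9110 token")
    if not path:
        problems.append(":path is empty")
    elif NOT_VISIBLE_ASCII.search(path):
        problems.append(":path contains whitespace, control or non-ASCII bytes")
    elif path != "*" and not path.startswith("/"):
        problems.append(":path is not origin-form or '*'")
    return problems


def to_http1_request_line(headers):
    """Build the backend request line only after validation succeeds."""
    problems = check_pseudo_headers(headers)
    if problems:
        raise ValueError("; ".join(problems))
    return f"{headers[':method']} {headers[':path']} HTTP/1.1\r\n"


if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_pseudo_headers(sample) or "ok")
```
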
Use CWE-20, the Varnish-Software vendor hub and the Varnish Cache product page to place CVE-2022-45060 in its surrounding weakness, vendor, and product context.
Compare it with CVE-2022-23959, CVE-2020-11653 and CVE-2019-20637 for nearby disclosures in the same product family.