FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The VuXML data was last processed by FreshPorts on 2024-04-22 18:21:47 UTC.
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
5b8d8dee-6088-11ed-8c5e-641c67a117d8 | varnish -- HTTP/2 Request Forgery Vulnerability
Varnish Cache Project reports:
A request forgery attack can be performed on Varnish Cache servers that
have the HTTP/2 protocol turned on. An attacker may introduce
characters through the HTTP/2 pseudo-headers that are invalid in the
context of an HTTP/1 request line, causing the Varnish server to
produce invalid HTTP/1 requests to the backend. This may in turn be
used to successfully exploit vulnerabilities in a server behind the
Varnish server.
Discovery: 2022-11-08
Entry: 2022-11-09
Affected: varnish7 < 7.2.1; varnish6 <= 6.6.2
Reference: https://varnish-cache.org/security/VSV00011.html
b10d1afa-6087-11ed-8c5e-641c67a117d8 | varnish -- Request Smuggling Vulnerability
Varnish Cache Project reports:
A request smuggling attack can be performed on Varnish Cache servers by
requesting that certain headers are made hop-by-hop, preventing the
Varnish Cache servers from forwarding critical headers to the backend.
Among the headers that can be filtered this way are both Content-Length
and Host, making it possible for an attacker to both break the HTTP/1
protocol framing, and bypass request to host routing in VCL.
Discovery: 2022-11-08
Entry: 2022-11-09
Affected: varnish7 < 7.2.1
Reference: https://varnish-cache.org/security/VSV00010.html