ASA-202107-28 - log

ASA-202107-28 edited at 16 Jul 2021 14:53:50
Workaround
The issue can be mitigated by turning off support for HTTP/2, using

    sudo varnishadm param.set feature -http2

or by preventing connection reuse with the following configuration:

    sub vcl_backend_fetch {
        set bereq.http.Connection = "close";
    }
ASA-202107-28 edited at 14 Jul 2021 20:11:42
Workaround
+ The issue can be mitigated by turning off support for HTTP/2, using
+
+ sudo varnishadm param.set feature -http2
+
+ or by preventing connection reuse with the following configuration:
+
+ sub vcl_backend_fetch {
+ set bereq.http.Connection = "close";
+ }
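Review bot: The `varnishadm param.set feature -http2` line changes a parameter on the running instance only, and the workaround text does not say that the setting is lost when varnishd restarts. Add a sentence telling readers to put the same parameter in the daemon's startup options as well, so that HTTP/2 stays off after a restart or reboot. The VCL alternative would also benefit from one sentence noting that it has to be loaded into the active VCL and that it disables backend connection reuse for every fetch, so readers can choose between the two mitigations knowingly.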
Impact
+ A remote attacker could inject arbitrary HTTP requests through an HTTP/2 POST request with a large Content-Length header.
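Review bot: The added Impact sentence does not say where the injected requests end up or which component is affected, and "large" is left unquantified. Since the workaround acts in `vcl_backend_fetch` on the backend connection, state here that the injection concerns requests forwarded to the backend over a reused connection, and say what the Content-Length is large relative to. Naming the affected package in this sentence would also help, since it currently appears only inside the workaround command.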
ASA-202107-28 created at 14 Jul 2021 20:09:44