CVE-2021-36740 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Url request injection
Description	Varnish Cache before version 6.6.1, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2154	varnish	6.6.0-2	6.6.1-1	Medium	Fixed

Date	Advisory	Group	Package	Severity	Type
14 Jul 2021	ASA-202107-28	AVG-2154	varnish	Medium	url request injection

References
https://varnish-cache.org/security/VSV00007.html https://github.com/varnishcache/varnish-cache/commit/7d73bc843ea9bff79e33773f1cfe2dffa7d03ea1

Notes
Workaround ========== The issue can be mitigated by turning off support for HTTP/2, using sudo varnishadm param.set feature -http2 or by preventing connection reuse with the following configuration: sub vcl_backend_fetch { set bereq.http.Connection = "close"; }

Notes

Workaround
==========

The issue can be mitigated by turning off support for HTTP/2, using

sudo varnishadm param.set feature -http2

or by preventing connection reuse with the following configuration:

sub vcl_backend_fetch {
      set bereq.http.Connection = "close";
}