CVE-2021-36740 log
Source |
|
Severity | Medium |
Remote | Yes |
Type | Url request injection |
Description | Varnish Cache before version 6.6.1, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-2154 | varnish | 6.6.0-2 | 6.6.1-1 | Medium | Fixed |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
14 Jul 2021 | ASA-202107-28 | AVG-2154 | varnish | Medium | url request injection |
References |
---|
https://varnish-cache.org/security/VSV00007.html https://github.com/varnishcache/varnish-cache/commit/7d73bc843ea9bff79e33773f1cfe2dffa7d03ea1 |
Notes |
---|
Workaround ========== The issue can be mitigated by turning off support for HTTP/2, using sudo varnishadm param.set feature -http2 or by preventing connection reuse with the following configuration: sub vcl_backend_fetch { set bereq.http.Connection = "close"; } |