CVE-2022-45059 — Vulnetix

CVE-2022-45059 PUBLISHED

An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-by-hop, preventing the Varnish Cache servers from forwarding critical headers to the backend.

EPSS 1.52% · 81.6th percentile

Risk Scores

EPSS Score

1.52%

81.6th percentile

Affected Products

Vendor	Product	Versions
Bitnami	varnish	7.0.0, 7.2.0
Bitnami	varnish	7.0.0, 7.2.0

Timeline

Nov 8, 2022 CVE Published
Nov 9, 2022 EPSS Score
Dec 22, 2022 EPSS Score
Mar 7, 2023 EPSS Score
Mar 18, 2023 EPSS Score
Apr 30, 2023 EPSS Score
Jul 25, 2023 EPSS Score
Sep 6, 2023 EPSS Score
Oct 19, 2023 EPSS Score
Jan 13, 2024 EPSS Score
Feb 25, 2024 EPSS Score
Apr 8, 2024 EPSS Score

References

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6ZMOZVBLZXHEV5VRW4I4SOWLQEK5OF5/ url
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4KVVCIQVINQQ2D7ORNARSYALMJUMP3I/ url
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGF6LFTHXCSYMYUX5HLMVXQH3WHCSFLU/ url
https://varnish-cache.org/security/VSV00010.html url
https://nvd.nist.gov/vuln/detail/CVE-2022-45059 url

Open in Interactive Console →