漏洞信息详情
Varnish Cache 环境问题漏洞
- CNNVD编号:CNNVD-202107-986
- 危害等级: 中危
- CVE编号: CVE-2021-36740
- 漏洞类型: 环境问题
- 发布时间: 2021-07-13
- 威胁类型: 远程
- 更新时间: 2022-06-10
- 厂 商:
- 漏洞来源:
漏洞简介
Varnish Cache是一套反向网站缓存服务器。
Varnish Enterprise 存在安全漏洞,该漏洞源于启用 HTTP/2 的 Varnish 缓存允许通过 POST 请求的大型 Content-Length 标头进行请求走私和VCL授权绕过。以下产品及版本受到影响:Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8。
漏洞公告
目前厂商已发布升级补丁以修复漏洞,详情请关注厂商主页:
https://github.com/varnishcache/varnish-cache。
参考网址
来源:MISC
链接:https://github.com/varnishcache/varnish-cache/commit/82b0a629f60136e76112c6f2c6372cce77b683be
来源:DEBIAN
链接:https://www.debian.org/security/2022/dsa-5088
来源:MISC
链接:https://varnish-cache.org/security/VSV00007.HTML
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/THV2DQA2GS65HUCKK4KSD2XLN3AAQ2V5/
来源:MISC
链接:https://github.com/varnishcache/varnish-cache/commit/9be22198e258d0e7a5c41f4291792214a29405cf
来源:MISC
链接:https://docs.varnish-software.com/security/VSV00007/
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/ZHBNLDEOTGYRIEQZBWV7F6VPYS4O2AAK/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.2609
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/163722/Red-Hat-Security-Advisory-2021-2988-01.HTML
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2021080216
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2022.0904
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2022030409
来源:access.redhat.com
链接:https://access.redhat.com/security/cve/cve-2021-36740
来源:nvd.nist.gov
链接:https://nvd.nist.gov/vuln/detail/CVE-2021-36740
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2022060903
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.2601
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2021080322
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/167452/Ubuntu-Security-Notice-USN-5474-1.HTML
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/163728/Red-Hat-Security-Advisory-2021-2993-01.HTML
受影响实体
暂无
补丁
暂无
评论