admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2022/CVE-2022-239xx/CVE-2022-23959.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

243 lines
7.5 KiB
JSON
Raw Blame History

{
"id": "CVE-2022-23959",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-01-26T01:15:07.900",
"lastModified": "2024-11-21T06:49:32.090",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections."
},
{
"lang": "es",
"value": "En Varnish Cache versiones anteriores a 6.6.2 y 7.x versiones anteriores a 7.0.2, Varnish Cache 6.0 LTS versiones anteriores a 6.0.10, y Varnish Enterprise (Cache Plus) 4.1.x versiones anteriores a 4.1.11r6 y 6.0.x versiones anteriores a 6.0.9r4, puede producirse contrabando de peticiones para conexiones HTTP/1"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"baseScore": 6.4,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-444"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:varnish-software:varnich_cache:*:*:*:*:-:*:*:*",
"versionStartIncluding": "1.0.0",
"versionEndExcluding": "6.6.2",
"matchCriteriaId": "46189326-29F3-4641-ADB0-5355B69776D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:varnish-software:varnich_cache:*:*:*:*:plus:*:*:*",
"versionStartIncluding": "4.1.1",
"versionEndExcluding": "4.1.11r6",
"matchCriteriaId": "409748DC-967D-4843-8FE4-E06F75A4B459"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:varnish-software:varnich_cache:4.1:*:*:*:lts:*:*:*",
"matchCriteriaId": "9EE19451-5DA3-4F4B-B972-13ED93EE4446"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:lts:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndExcluding": "6.0.10",
"matchCriteriaId": "5C4F2BA4-3275-4365-9F41-0D04320C383A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:varnish-software:varnish_cache_plus:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndExcluding": "6.0.9r4",
"matchCriteriaId": "16AE4401-F65C-4246-98AA-AAAAEFA97D73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndExcluding": "7.0.2",
"matchCriteriaId": "1E0E1405-62BB-446D-A04B-0A312FB81E3E"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.varnish-software.com/security/VSV00008/",
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00014.html",
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UMMDMQWNAE3BTSZUHXQHVAMZC5TLHLYT/",
"source": "cve@mitre.org"
},
{
"url": "https://varnish-cache.org/security/VSV00008.html",
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
]
},
{
"url": "https://www.debian.org/security/2022/dsa-5088",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://docs.varnish-software.com/security/VSV00008/",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00014.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UMMDMQWNAE3BTSZUHXQHVAMZC5TLHLYT/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://varnish-cache.org/security/VSV00008.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
]
},
{
"url": "https://www.debian.org/security/2022/dsa-5088",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink