CVE - CVE-2021-36740

CVE-ID
CVE-2021-36740	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
DEBIAN:DSA-5088 URL:https://www.debian.org/security/2022/dsa-5088 FEDORA:FEDORA-2021-36e10d3f9f URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZHBNLDEOTGYRIEQZBWV7F6VPYS4O2AAK/ FEDORA:FEDORA-2021-cf7585f0ca URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/THV2DQA2GS65HUCKK4KSD2XLN3AAQ2V5/ MISC:https://docs.varnish-software.com/security/VSV00007/ MISC:https://github.com/varnishcache/varnish-cache/commit/82b0a629f60136e76112c6f2c6372cce77b683be MISC:https://github.com/varnishcache/varnish-cache/commit/9be22198e258d0e7a5c41f4291792214a29405cf MISC:https://varnish-cache.org/security/VSV00007.html
Assigning CNA
MITRE Corporation
Date Record Created
20210714	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20210714)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)