{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-03-04T12:06:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://varnish-cache.org/security/VSV00007.html"}, {"tags": ["x_refsource_MISC"], "url": "https://docs.varnish-software.com/security/VSV00007/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/varnishcache/varnish-cache/commit/9be22198e258d0e7a5c41f4291792214a29405cf"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/varnishcache/varnish-cache/commit/82b0a629f60136e76112c6f2c6372cce77b683be"}, {"name": "FEDORA-2021-36e10d3f9f", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZHBNLDEOTGYRIEQZBWV7F6VPYS4O2AAK/"}, {"name": "FEDORA-2021-cf7585f0ca", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/THV2DQA2GS65HUCKK4KSD2XLN3AAQ2V5/"}, {"name": "DSA-5088", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2022/dsa-5088"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-36740", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://varnish-cache.org/security/VSV00007.html", "refsource": "MISC", "url": "https://varnish-cache.org/security/VSV00007.html"}, {"name": "https://docs.varnish-software.com/security/VSV00007/", "refsource": "MISC", "url": "https://docs.varnish-software.com/security/VSV00007/"}, {"name": "https://github.com/varnishcache/varnish-cache/commit/9be22198e258d0e7a5c41f4291792214a29405cf", "refsource": "MISC", "url": "https://github.com/varnishcache/varnish-cache/commit/9be22198e258d0e7a5c41f4291792214a29405cf"}, {"name": "https://github.com/varnishcache/varnish-cache/commit/82b0a629f60136e76112c6f2c6372cce77b683be", "refsource": "MISC", "url": "https://github.com/varnishcache/varnish-cache/commit/82b0a629f60136e76112c6f2c6372cce77b683be"}, {"name": "FEDORA-2021-36e10d3f9f", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZHBNLDEOTGYRIEQZBWV7F6VPYS4O2AAK/"}, {"name": "FEDORA-2021-cf7585f0ca", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/THV2DQA2GS65HUCKK4KSD2XLN3AAQ2V5/"}, {"name": "DSA-5088", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5088"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T01:01:58.991Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://varnish-cache.org/security/VSV00007.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://docs.varnish-software.com/security/VSV00007/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/varnishcache/varnish-cache/commit/9be22198e258d0e7a5c41f4291792214a29405cf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/varnishcache/varnish-cache/commit/82b0a629f60136e76112c6f2c6372cce77b683be"}, {"name": "FEDORA-2021-36e10d3f9f", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZHBNLDEOTGYRIEQZBWV7F6VPYS4O2AAK/"}, {"name": "FEDORA-2021-cf7585f0ca", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/THV2DQA2GS65HUCKK4KSD2XLN3AAQ2V5/"}, {"name": "DSA-5088", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2022/dsa-5088"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-36740", "datePublished": "2021-07-14T16:07:28", "dateReserved": "2021-07-14T00:00:00", "dateUpdated": "2024-08-04T01:01:58.991Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:varnish-cache:varnish_cache:*:*:*:*:plus:*:*:*", "matchCriteriaId": "F094729F-7EA5-4AD5-B0C1-65F9A401838A", "versionEndExcluding": "6.0.8", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:varnish-cache:varnish_cache:6.0.8:r1:*:*:plus:*:*:*", "matchCriteriaId": "B32A2391-A59E-45F3-8A65-3AF018F3F08F", "vulnerable": true}, {"criteria": "cpe:2.3:a:varnish-cache:varnish_cache:6.0.8:r2:*:*:plus:*:*:*", "matchCriteriaId": "26C18D9B-9561-49FB-A9E4-9A8F37635F86", "vulnerable": true}, {"criteria": "cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*", "matchCriteriaId": "48EB8B3B-152D-46EF-B868-9EAA640EE11B", "versionEndIncluding": "6.0.5", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:lts:*:*:*", "matchCriteriaId": "3C9C515C-1514-4E52-98D5-850D6ACB60B0", "versionEndIncluding": "6.0.7", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*", "matchCriteriaId": "80E7D421-3E84-4185-9FC4-ACF2C5A8E8EA", "versionEndIncluding": "5.2.1", "versionStartIncluding": "5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*", "matchCriteriaId": "A30F7732-D4C3-4D6E-8651-BC77A336AAEE", "versionEndIncluding": "6.6.0", "versionStartIncluding": "6.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8."}, {"lang": "es", "value": "Varnish Cache, con HTTP/2 habilitado, permite el contrabando de peticiones y la omisi\u00f3n de autorizaci\u00f3n de VCL por medio de un encabezado Content-Length grande para una petici\u00f3n POST. Esto afecta a Varnish Enterprise versiones 6.0.x anteriores a 6.0.8r3, y Varnish Cache versiones 5.xy 6.x anteriores a 6.5.2, versiones 6.6.x anteriores a 6.6.1 y versiones 6.0 LTS anteriores a 6.0.8"}], "id": "CVE-2021-36740", "lastModified": "2024-11-21T06:13:59.623", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-07-14T17:15:08.253", "references": [{"source": "cve@mitre.org", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://docs.varnish-software.com/security/VSV00007/"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/varnishcache/varnish-cache/commit/82b0a629f60136e76112c6f2c6372cce77b683be"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/varnishcache/varnish-cache/commit/9be22198e258d0e7a5c41f4291792214a29405cf"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/THV2DQA2GS65HUCKK4KSD2XLN3AAQ2V5/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZHBNLDEOTGYRIEQZBWV7F6VPYS4O2AAK/"}, {"source": "cve@mitre.org", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://varnish-cache.org/security/VSV00007.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5088"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://docs.varnish-software.com/security/VSV00007/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/varnishcache/varnish-cache/commit/82b0a629f60136e76112c6f2c6372cce77b683be"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/varnishcache/varnish-cache/commit/9be22198e258d0e7a5c41f4291792214a29405cf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/THV2DQA2GS65HUCKK4KSD2XLN3AAQ2V5/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZHBNLDEOTGYRIEQZBWV7F6VPYS4O2AAK/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://varnish-cache.org/security/VSV00007.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5088"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-444"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2021:2988", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "varnish:6-8040020210722190209.522a0ee4", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-08-02T00:00:00Z"}, {"advisory": "RHSA-2021:2988", "cpe": "cpe:/a:redhat:rhel_eus:8.1", "package": "varnish:6-8010020210726155835.c27ad7f8", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2021-08-02T00:00:00Z"}, {"advisory": "RHSA-2021:2988", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "varnish:6-8020020210726155330.4cda2c84", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2021-08-02T00:00:00Z"}, {"advisory": "RHSA-2021:2993", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-varnish6-varnish-0:6.0.8-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2021-08-03T00:00:00Z"}, {"advisory": "RHSA-2021:2993", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-varnish6-varnish-modules-0:0.15.0-7.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2021-08-03T00:00:00Z"}, {"advisory": "RHSA-2021:2993", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-varnish6-varnish-0:6.0.8-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2021-08-03T00:00:00Z"}, {"advisory": "RHSA-2021:2993", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-varnish6-varnish-modules-0:0.15.0-7.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2021-08-03T00:00:00Z"}], "bugzilla": {"description": "varnish: HTTP/2 request smuggling attack via a large Content-Length header for a POST request", "id": "1982409", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1982409"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-444", "details": ["Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8.", "A flaw was found in Varnish. The Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. As a result, this flaw allows the information on the Varnish cache to be poisoned. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."], "mitigation": {"lang": "en:us", "value": "This issue can be mitigated by:\n1) Disabling HTTP/2 request support by executing:\n~~~\nsudo varnishadm param.set feature -http2\n~~~\n2) Disabling backend connection reuse on varnish side, the following rule can be inserted into Varnish configuration:\n~~~\nsub vcl_backend_fetch {\nset bereq.http.Connection = \"close\";\n}\n~~~"}, "name": "CVE-2021-36740", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "varnish", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2021-07-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-36740\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-36740\nhttps://varnish-cache.org/security/VSV00007.html"], "threat_severity": "Important", "upstream_fix": "varnish 6.6.1, varnish 6.5.2, varnish 6.0.8"}