CVE-2021-36740

Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8.

Published: Jul 14, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-36740
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CVSS v2:

Severity: Medium
Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N

CWEs:

CWE-444

Affected Software
References

Software	From	Fixed in
varnish-cache / varnish_cache	6.0.0	6.0.8
varnish-cache / varnish_cache	6.0.8-r2	6.0.8-r2.x
varnish-cache / varnish_cache	6.0.8-r1	6.0.8-r1.x
varnish_cache_project / varnish_cache	5.0.0	5.2.1.x
varnish_cache_project / varnish_cache	6.1.0	6.6.0.x
varnish-software / varnish_cache	6.0.0	6.0.7.x
varnish-software / varnish_cache	6.0.0	6.0.5.x
fedoraproject / fedora	33	33.x
fedoraproject / fedora	34	34.x
debian / debian_linux	10.0	10.0.x
debian / debian_linux	11.0	11.0.x

Vulnerability Database

289,598

CVE-2021-36740