ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2021.0387
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2021-0387)
Resumen:	The remote host is missing an update for the 'varnish' package(s) announced via the MGASA-2021-0387 advisory.
Descripción:	Summary: The remote host is missing an update for the 'varnish' package(s) announced via the MGASA-2021-0387 advisory. Vulnerability Insight: Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8 (CVE-2021-36740). Affected Software/OS: 'varnish' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2021-36740 Debian Security Information: DSA-5088 (Google Search) https://www.debian.org/security/2022/dsa-5088 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZHBNLDEOTGYRIEQZBWV7F6VPYS4O2AAK/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/THV2DQA2GS65HUCKK4KSD2XLN3AAQ2V5/ https://docs.varnish-software.com/security/VSV00007/ https://github.com/varnishcache/varnish-cache/commit/82b0a629f60136e76112c6f2c6372cce77b683be https://github.com/varnishcache/varnish-cache/commit/9be22198e258d0e7a5c41f4291792214a29405cf https://varnish-cache.org/security/VSV00007.html
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.