oss-sec mailing list archives

Re: VSV00016: Varnish Cache 6.0, 7.6, 7.7 - Request Smuggling Attack

From: Asad Ahmed <asadsa () varnish-software com>
Date: Thu, 15 May 2025 09:26:59 +0200

Hello again,

On Tue, May 13, 2025 at 4:57 PM Asad Ahmed <asadsa () varnish-software com>
wrote:

*CVE*: Not assigned yet, expect a follow-up here.

CVE-2025-47905 <https://www.cve.org/CVERecord?id=CVE-2025-47905>

References:


- https://varnish-cache.org/security/VSV00016.html#vsv00016
- https://varnish-cache.org/security/index.html
-
https://varnish-cache.org/lists/pipermail/varnish-announce/2025-May/000767.html
- https://github.com/varnishcache/varnish-cache
- https://varnish-cache.org/releases/rel7.7.1.html#rel7-7-1
- https://varnish-cache.org/releases/rel7.6.3.html#rel7-6-3
- https://varnish-cache.org/releases/rel6.0.14.html#rel6-0-14


A follow-up announcement to share an update to the release notes:
-
https://varnish-cache.org/lists/pipermail/varnish-announce/2025-May/000768.html

-- 
Asad

Current thread:

VSV00016: Varnish Cache 6.0, 7.6, 7.7 - Request Smuggling Attack Asad Ahmed (May 13)
- Re: VSV00016: Varnish Cache 6.0, 7.6, 7.7 - Request Smuggling Attack Marco Benatto (May 13)
- Re: VSV00016: Varnish Cache 6.0, 7.6, 7.7 - Request Smuggling Attack Asad Ahmed (May 15)