Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-47905 (GCVE-0-2025-47905)
Vulnerability from cvelistv5 – Published: 2025-05-13 00:00 – Updated: 2025-05-29 09:03
VLAI
EPSS
Summary
Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries.
Severity
5.4 (Medium)
CWE
- CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| varnish-software | Varnish Cache |
Affected:
0 , < 6.0.14 LTS
(custom)
Affected: 7.0.0 , < 7.6.3 (custom) Affected: 7.7.0 , < 7.7.1 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47905",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-14T14:15:16.258197Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-14T14:15:21.703Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-05-29T09:03:18.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/05/15/2"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00040.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Varnish Cache",
"vendor": "varnish-software",
"versions": [
{
"lessThan": "6.0.14 LTS",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "7.6.3",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
},
{
"lessThan": "7.7.1",
"status": "affected",
"version": "7.7.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.14 LTS",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.6.3",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.7.1",
"versionStartIncluding": "7.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-444",
"description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T22:02:08.051Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://varnish-cache.org/security/VSV00016.html"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-47905",
"datePublished": "2025-05-13T00:00:00.000Z",
"dateReserved": "2025-05-13T00:00:00.000Z",
"dateUpdated": "2025-05-29T09:03:18.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-47905",
"date": "2026-05-27",
"epss": "0.0029",
"percentile": "0.52549"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-47905\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2025-05-13T22:15:24.990\",\"lastModified\":\"2025-05-29T09:15:26.587\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries.\"},{\"lang\":\"es\",\"value\":\"Varnish Cache anterior a 7.6.3 y 7.7 anterior a 7.7.1, y Varnish Enterprise anterior a 6.0.13r14, permiten la desincronizaci\u00f3n del lado del cliente a trav\u00e9s de solicitudes HTTP/1, porque el producto permite incorrectamente que se omita CRLF para delimitar los l\u00edmites de los fragmentos.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-444\"}]}],\"references\":[{\"url\":\"https://varnish-cache.org/security/VSV00016.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/05/15/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/05/msg00040.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2025/05/15/2\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2025/05/msg00040.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-05-29T09:03:18.582Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-47905\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-14T14:15:16.258197Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-14T14:15:18.689Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N\"}}], \"affected\": [{\"vendor\": \"varnish-software\", \"product\": \"Varnish Cache\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"6.0.14 LTS\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.0.0\", \"lessThan\": \"7.6.3\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.7.0\", \"lessThan\": \"7.7.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://varnish-cache.org/security/VSV00016.html\"}], \"x_generator\": {\"engine\": \"enrichogram 0.0.1\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-444\", \"description\": \"CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.0.14 LTS\"}, {\"criteria\": \"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"7.6.3\", \"versionStartIncluding\": \"7.0.0\"}, {\"criteria\": \"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"7.7.1\", \"versionStartIncluding\": \"7.7.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2025-05-13T22:02:08.051Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-47905\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-29T09:03:18.582Z\", \"dateReserved\": \"2025-05-13T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2025-05-13T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
alsa-2025:8336
Vulnerability from osv_almalinux
Published
2025-06-02 00:00
Modified
2025-07-02 11:51
Summary
Important: varnish:6 security update
Details
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.
Security Fix(es):
- varnish: request smuggling attacks (CVE-2025-47905)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "varnish"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.0.13-1.module_el8.10.0+4003+9759c3c1.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "varnish-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.0.13-1.module_el8.10.0+4003+9759c3c1.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "varnish-docs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.0.13-1.module_el8.10.0+4003+9759c3c1.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "varnish-modules"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.15.0-6.module_el8.9.0+3826+307eaba4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don\u0027t have to create the same web page over and over again, giving the website a significant speed up. \n\nSecurity Fix(es): \n\n * varnish: request smuggling attacks (CVE-2025-47905)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2025:8336",
"modified": "2025-07-02T11:51:02Z",
"published": "2025-06-02T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2025:8336"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-47905"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2364235"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2025-8336.html"
}
],
"related": [
"CVE-2025-47905"
],
"summary": "Important: varnish:6 security update"
}
alsa-2025:8337
Vulnerability from osv_almalinux
Published
2025-06-02 00:00
Modified
2025-06-02 12:04
Summary
Important: varnish security update
Details
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.
Security Fix(es):
- varnish: request smuggling attacks (CVE-2025-47905)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "varnish"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.6.2-6.el9_6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "varnish-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.6.2-6.el9_6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "varnish-docs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.6.2-6.el9_6.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don\u0027t have to create the same web page over and over again, giving the website a significant speed up. \n\nSecurity Fix(es): \n\n * varnish: request smuggling attacks (CVE-2025-47905)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2025:8337",
"modified": "2025-06-02T12:04:43Z",
"published": "2025-06-02T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2025:8337"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-47905"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2364235"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2025-8337.html"
}
],
"related": [
"CVE-2025-47905"
],
"summary": "Important: varnish security update"
}
alsa-2025:8550
Vulnerability from osv_almalinux
Published
2025-06-04 00:00
Modified
2025-06-16 12:36
Summary
Important: varnish security update
Details
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.
Security Fix(es):
- varnish: request smuggling attacks (CVE-2025-47905)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "varnish"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.6.1-2.el10_0.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "varnish-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.6.1-2.el10_0.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "varnish-docs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.6.1-2.el10_0.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don\u0027t have to create the same web page over and over again, giving the website a significant speed up. \n\nSecurity Fix(es): \n\n * varnish: request smuggling attacks (CVE-2025-47905)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2025:8550",
"modified": "2025-06-16T12:36:44Z",
"published": "2025-06-04T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2025:8550"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-47905"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2364235"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/10/ALSA-2025-8550.html"
}
],
"related": [
"CVE-2025-47905"
],
"summary": "Important: varnish security update"
}
BDU:2025-15593
Vulnerability from fstec - Published: 13.05.2025
VLAI
Title
Уязвимость HTTP-акселератора Varnish Cache, связанная с недостатками обработки HTTP-запросов, позволяющая нарушителю осуществлять атаки с подменой HTTP-запросов
Description
Уязвимость HTTP-акселератора Varnish Cache связана с недостатками обработки HTTP-запросов. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, осуществлять атаки с подменой HTTP-запросов
Severity
Vendor
Red Hat Inc., Сообщество свободного программного обеспечения, ООО «Ред Софт», Novell Inc., Varnish Software
Software Name
Red Hat Enterprise Linux, Debian GNU/Linux, РЕД ОС (запись в едином реестре российских программ №3751), SUSE Liberty Linux, Varnish Cache
Software Version
8 (Red Hat Enterprise Linux), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (РЕД ОС), 8.2 Advanced Update Support (Red Hat Enterprise Linux), 8.4 Telecommunications Update Service (Red Hat Enterprise Linux), 8.4 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.4 Advanced Mission Critical Update Support (Red Hat Enterprise Linux), 9 (SUSE Liberty Linux), 8.8 Extended Update Support (Red Hat Enterprise Linux), 8 (SUSE Liberty Linux), 8.6 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.6 Telecommunications Update Service (Red Hat Enterprise Linux), 8.6 Advanced Mission Critical Update Support (Red Hat Enterprise Linux), 10 (Red Hat Enterprise Linux), до 7.6.3 (Varnish Cache), от 7.7 до 7.7.1 (Varnish Cache)
Possible Mitigations
Использование рекомендаций:
https://varnish-cache.org/security/VSV00016.html
Для РедОС:
https://redos.red-soft.ru/support/secure/uyazvimosti/uyazvimost-varnish-cve-2025-47905/?sphrase_id=1371059
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2025-47905
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/cve-2025-47905
Для программных продуктов Novell Inc.:
https://www.suse.com/ko-kr/security/cve/CVE-2025-47905.html
Reference
https://redos.red-soft.ru/support/secure/uyazvimosti/uyazvimost-varnish-cve-2025-47905/?sphrase_id=1371059
https://varnish-cache.org/security/VSV00016.html
https://security-tracker.debian.org/tracker/CVE-2025-47905
https://access.redhat.com/security/cve/cve-2025-47905
https://www.suse.com/ko-kr/security/cve/CVE-2025-47905.html
CWE
CWE-444
{
"CVSS 2.0": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"CVSS 3.0": "AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, Novell Inc., Varnish Software",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "8 (Red Hat Enterprise Linux), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 8.2 Advanced Update Support (Red Hat Enterprise Linux), 8.4 Telecommunications Update Service (Red Hat Enterprise Linux), 8.4 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.4 Advanced Mission Critical Update Support (Red Hat Enterprise Linux), 9 (SUSE Liberty Linux), 8.8 Extended Update Support (Red Hat Enterprise Linux), 8 (SUSE Liberty Linux), 8.6 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.6 Telecommunications Update Service (Red Hat Enterprise Linux), 8.6 Advanced Mission Critical Update Support (Red Hat Enterprise Linux), 10 (Red Hat Enterprise Linux), \u0434\u043e 7.6.3 (Varnish Cache), \u043e\u0442 7.7 \u0434\u043e 7.7.1 (Varnish Cache)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://varnish-cache.org/security/VSV00016.html\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: \nhttps://redos.red-soft.ru/support/secure/uyazvimosti/uyazvimost-varnish-cve-2025-47905/?sphrase_id=1371059\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2025-47905\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2025-47905\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/ko-kr/security/cve/CVE-2025-47905.html",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "13.05.2025",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "11.12.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "11.12.2025",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-15593",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-47905",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043d\u043e\u0433\u043e\u0444\u0430\u043a\u0442\u043e\u0440\u043d\u0430\u044f",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Debian GNU/Linux, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), SUSE Liberty Linux, Varnish Cache",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Red Hat Inc. Red Hat Enterprise Linux 8.2 Advanced Update Support , Red Hat Inc. Red Hat Enterprise Linux 8.4 Telecommunications Update Service , Red Hat Inc. Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions , Red Hat Inc. Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support , Novell Inc. SUSE Liberty Linux 9 , Red Hat Inc. Red Hat Enterprise Linux 8.8 Extended Update Support , Novell Inc. SUSE Liberty Linux 8 , Red Hat Inc. Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions , Red Hat Inc. Red Hat Enterprise Linux 8.6 Telecommunications Update Service , Red Hat Inc. Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support , Red Hat Inc. Red Hat Enterprise Linux 10 ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c HTTP-\u0430\u043a\u0441\u0435\u043b\u0435\u0440\u0430\u0442\u043e\u0440\u0430 Varnish Cache, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u0442\u044c \u0430\u0442\u0430\u043a\u0438 \u0441 \u043f\u043e\u0434\u043c\u0435\u043d\u043e\u0439 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u043e\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u0430\u044f \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0446\u0438\u044f HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 (\u0027\u041a\u043e\u043d\u0442\u0440\u0430\u0431\u0430\u043d\u0434\u0430 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432\u0027) (CWE-444)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c HTTP-\u0430\u043a\u0441\u0435\u043b\u0435\u0440\u0430\u0442\u043e\u0440\u0430 Varnish Cache \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u0442\u044c \u0430\u0442\u0430\u043a\u0438 \u0441 \u043f\u043e\u0434\u043c\u0435\u043d\u043e\u0439 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041f\u043e\u0434\u043c\u0435\u043d\u0430 \u043f\u0440\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://redos.red-soft.ru/support/secure/uyazvimosti/uyazvimost-varnish-cve-2025-47905/?sphrase_id=1371059\nhttps://varnish-cache.org/security/VSV00016.html\nhttps://security-tracker.debian.org/tracker/CVE-2025-47905\nhttps://access.redhat.com/security/cve/cve-2025-47905\nhttps://www.suse.com/ko-kr/security/cve/CVE-2025-47905.html",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-444",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,4)"
}
bit-varnish-2025-47905
Vulnerability from bitnami_vulndb
Published
2025-05-28 11:59
Modified
2025-05-30 06:16
Summary
Details
Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "varnish",
"purl": "pkg:bitnami/varnish"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.6.2"
},
{
"introduced": "7.0.0"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2025-47905"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*"
],
"severity": "Medium"
},
"details": "Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries.",
"id": "BIT-varnish-2025-47905",
"modified": "2025-05-30T06:16:06.723Z",
"published": "2025-05-28T11:59:55.247Z",
"references": [
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/05/15/2"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47905"
},
{
"type": "WEB",
"url": "https://varnish-cache.org/security/VSV00016.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00040.html"
}
],
"schema_version": "1.6.2"
}
FKIE_CVE-2025-47905
Vulnerability from fkie_nvd - Published: 2025-05-13 22:15 - Updated: 2026-04-15 00:35
Severity
Summary
Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries."
},
{
"lang": "es",
"value": "Varnish Cache anterior a 7.6.3 y 7.7 anterior a 7.7.1, y Varnish Enterprise anterior a 6.0.13r14, permiten la desincronizaci\u00f3n del lado del cliente a trav\u00e9s de solicitudes HTTP/1, porque el producto permite incorrectamente que se omita CRLF para delimitar los l\u00edmites de los fragmentos."
}
],
"id": "CVE-2025-47905",
"lastModified": "2026-04-15T00:35:42.020",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 2.7,
"source": "cve@mitre.org",
"type": "Secondary"
}
]
},
"published": "2025-05-13T22:15:24.990",
"references": [
{
"source": "cve@mitre.org",
"url": "https://varnish-cache.org/security/VSV00016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2025/05/15/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00040.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
],
"source": "cve@mitre.org",
"type": "Secondary"
}
]
}
GHSA-CVPP-RMJX-5X2M
Vulnerability from github – Published: 2025-05-14 00:32 – Updated: 2025-05-29 09:30
VLAI
Details
Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries.
Severity
5.4 (Medium)
{
"affected": [],
"aliases": [
"CVE-2025-47905"
],
"database_specific": {
"cwe_ids": [
"CWE-444"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-13T22:15:24Z",
"severity": "MODERATE"
},
"details": "Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries.",
"id": "GHSA-cvpp-rmjx-5x2m",
"modified": "2025-05-29T09:30:59Z",
"published": "2025-05-14T00:32:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47905"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00040.html"
},
{
"type": "WEB",
"url": "https://varnish-cache.org/security/VSV00016.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/05/15/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
RHSA-2025:8294
Vulnerability from csaf_redhat - Published: 2025-05-29 08:50 - Updated: 2026-03-18 03:00Summary
Red Hat Security Advisory: varnish:6 security update
Severity
Important
Notes
Topic: An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.
Security Fix(es):
* varnish: request smuggling attacks (CVE-2025-47905)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was found in Varnish Cache. This vulnerability may allow request smuggling attacks, where a malicious actor can craft seemingly legitimate HTTP requests. This issue could result in an unspecified system caching incorrect content that can expose confidential information.
8.1 (High)
Affected products
Fixed
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.aarch64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.ppc64le::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.s390x::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.src::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.x86_64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.aarch64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.ppc64le::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.s390x::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.x86_64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.aarch64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.ppc64le::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.s390x::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.x86_64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don\u0027t have to create the same web page over and over again, giving the website a significant speed up.\n\nSecurity Fix(es):\n\n* varnish: request smuggling attacks (CVE-2025-47905)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:8294",
"url": "https://access.redhat.com/errata/RHSA-2025:8294"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2364235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364235"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_8294.json"
}
],
"title": "Red Hat Security Advisory: varnish:6 security update",
"tracking": {
"current_release_date": "2026-03-18T03:00:44+00:00",
"generator": {
"date": "2026-03-18T03:00:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2025:8294",
"initial_release_date": "2025-05-29T08:50:30+00:00",
"revision_history": [
{
"date": "2025-05-29T08:50:30+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-05-29T08:50:30+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T03:00:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.src::varnish:6",
"product": {
"name": "varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.src (varnish:6)",
"product_id": "varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.src::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.8-3.module%2Bel8.8.0%2B23121%2Bd8c7990e.3?arch=src\u0026rpmmod=varnish:6:8080020250522125234:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=src\u0026rpmmod=varnish:6:8080020250522125234:63b34585"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.aarch64::varnish:6",
"product": {
"name": "varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.aarch64 (varnish:6)",
"product_id": "varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.8-3.module%2Bel8.8.0%2B23121%2Bd8c7990e.3?arch=aarch64\u0026rpmmod=varnish:6:8080020250522125234:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.aarch64::varnish:6",
"product": {
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.aarch64 (varnish:6)",
"product_id": "varnish-devel-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.8-3.module%2Bel8.8.0%2B23121%2Bd8c7990e.3?arch=aarch64\u0026rpmmod=varnish:6:8080020250522125234:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.aarch64::varnish:6",
"product": {
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.aarch64 (varnish:6)",
"product_id": "varnish-docs-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.8-3.module%2Bel8.8.0%2B23121%2Bd8c7990e.3?arch=aarch64\u0026rpmmod=varnish:6:8080020250522125234:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64 (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=aarch64\u0026rpmmod=varnish:6:8080020250522125234:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64 (varnish:6)",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=aarch64\u0026rpmmod=varnish:6:8080020250522125234:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64 (varnish:6)",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=aarch64\u0026rpmmod=varnish:6:8080020250522125234:63b34585"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.ppc64le::varnish:6",
"product": {
"name": "varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.ppc64le (varnish:6)",
"product_id": "varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.8-3.module%2Bel8.8.0%2B23121%2Bd8c7990e.3?arch=ppc64le\u0026rpmmod=varnish:6:8080020250522125234:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.ppc64le::varnish:6",
"product": {
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.ppc64le (varnish:6)",
"product_id": "varnish-devel-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.8-3.module%2Bel8.8.0%2B23121%2Bd8c7990e.3?arch=ppc64le\u0026rpmmod=varnish:6:8080020250522125234:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.ppc64le::varnish:6",
"product": {
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.ppc64le (varnish:6)",
"product_id": "varnish-docs-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.8-3.module%2Bel8.8.0%2B23121%2Bd8c7990e.3?arch=ppc64le\u0026rpmmod=varnish:6:8080020250522125234:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=ppc64le\u0026rpmmod=varnish:6:8080020250522125234:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le (varnish:6)",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=ppc64le\u0026rpmmod=varnish:6:8080020250522125234:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le (varnish:6)",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=ppc64le\u0026rpmmod=varnish:6:8080020250522125234:63b34585"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.s390x::varnish:6",
"product": {
"name": "varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.s390x (varnish:6)",
"product_id": "varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.8-3.module%2Bel8.8.0%2B23121%2Bd8c7990e.3?arch=s390x\u0026rpmmod=varnish:6:8080020250522125234:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.s390x::varnish:6",
"product": {
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.s390x (varnish:6)",
"product_id": "varnish-devel-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.8-3.module%2Bel8.8.0%2B23121%2Bd8c7990e.3?arch=s390x\u0026rpmmod=varnish:6:8080020250522125234:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.s390x::varnish:6",
"product": {
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.s390x (varnish:6)",
"product_id": "varnish-docs-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.8-3.module%2Bel8.8.0%2B23121%2Bd8c7990e.3?arch=s390x\u0026rpmmod=varnish:6:8080020250522125234:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=s390x\u0026rpmmod=varnish:6:8080020250522125234:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x (varnish:6)",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=s390x\u0026rpmmod=varnish:6:8080020250522125234:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x (varnish:6)",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=s390x\u0026rpmmod=varnish:6:8080020250522125234:63b34585"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.x86_64::varnish:6",
"product": {
"name": "varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.x86_64 (varnish:6)",
"product_id": "varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.8-3.module%2Bel8.8.0%2B23121%2Bd8c7990e.3?arch=x86_64\u0026rpmmod=varnish:6:8080020250522125234:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.x86_64::varnish:6",
"product": {
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.x86_64 (varnish:6)",
"product_id": "varnish-devel-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.8-3.module%2Bel8.8.0%2B23121%2Bd8c7990e.3?arch=x86_64\u0026rpmmod=varnish:6:8080020250522125234:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.x86_64::varnish:6",
"product": {
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.x86_64 (varnish:6)",
"product_id": "varnish-docs-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.8-3.module%2Bel8.8.0%2B23121%2Bd8c7990e.3?arch=x86_64\u0026rpmmod=varnish:6:8080020250522125234:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=x86_64\u0026rpmmod=varnish:6:8080020250522125234:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 (varnish:6)",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=x86_64\u0026rpmmod=varnish:6:8080020250522125234:63b34585"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 (varnish:6)",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=x86_64\u0026rpmmod=varnish:6:8080020250522125234:63b34585"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.aarch64::varnish:6"
},
"product_reference": "varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.ppc64le::varnish:6"
},
"product_reference": "varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.s390x::varnish:6"
},
"product_reference": "varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.src (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.src::varnish:6"
},
"product_reference": "varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.src::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.x86_64::varnish:6"
},
"product_reference": "varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.aarch64::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.ppc64le::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.s390x::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.x86_64::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.aarch64::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.ppc64le::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.s390x::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.x86_64::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47905",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2025-05-05T20:49:45.130000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2364235"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Varnish Cache. This vulnerability may allow request smuggling attacks, where a malicious actor can craft seemingly legitimate HTTP requests. This issue could result in an unspecified system caching incorrect content that can expose confidential information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "varnish: request smuggling attacks",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an IMPORTANT severity because this is a client-side desync vulnerability in Varnish handling a chunked transfer encoding, where it mishandles CRLF delimiters, allows attackers to smuggle additional HTTP/1 requests, this flaw allows attacker to unauthorized access of sensitive information and data alteration.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.src::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47905"
},
{
"category": "external",
"summary": "RHBZ#2364235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364235"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47905"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47905",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47905"
}
],
"release_date": "2025-05-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-29T08:50:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.src::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8294"
},
{
"category": "workaround",
"details": "Currently, no mitigation is available for this vulnerability.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.src::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.src::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-devel-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-docs-0:6.0.8-3.module+el8.8.0+23121+d8c7990e.3.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.8.0.Z.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "varnish: request smuggling attacks"
}
]
}
RHSA-2025:8310
Vulnerability from csaf_redhat - Published: 2025-05-29 12:37 - Updated: 2026-03-18 03:00Summary
Red Hat Security Advisory: varnish:6 security update
Severity
Important
Notes
Topic: An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.
Security Fix(es):
* varnish: request smuggling attacks (CVE-2025-47905)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was found in Varnish Cache. This vulnerability may allow request smuggling attacks, where a malicious actor can craft seemingly legitimate HTTP requests. This issue could result in an unspecified system caching incorrect content that can expose confidential information.
8.1 (High)
Affected products
Fixed
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.src::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.aarch64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.ppc64le::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.s390x::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.src::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.aarch64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.ppc64le::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.s390x::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.aarch64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.ppc64le::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.s390x::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.src::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don\u0027t have to create the same web page over and over again, giving the website a significant speed up.\n\nSecurity Fix(es):\n\n* varnish: request smuggling attacks (CVE-2025-47905)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:8310",
"url": "https://access.redhat.com/errata/RHSA-2025:8310"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2364235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364235"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_8310.json"
}
],
"title": "Red Hat Security Advisory: varnish:6 security update",
"tracking": {
"current_release_date": "2026-03-18T03:00:43+00:00",
"generator": {
"date": "2026-03-18T03:00:43+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2025:8310",
"initial_release_date": "2025-05-29T12:37:36+00:00",
"revision_history": [
{
"date": "2025-05-29T12:37:36+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-05-29T12:37:36+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T03:00:43+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.6::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.6::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_tus:8.6::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.src::varnish:6",
"product": {
"name": "varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.src (varnish:6)",
"product_id": "varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.src::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.8-2.module%2Bel8.6.0%2B23122%2B0639db89.4?arch=src\u0026rpmmod=varnish:6:8060020250522133304:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=src\u0026rpmmod=varnish:6:8060020250522133304:ad008a3a"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"product": {
"name": "varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64 (varnish:6)",
"product_id": "varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.8-2.module%2Bel8.6.0%2B23122%2B0639db89.4?arch=x86_64\u0026rpmmod=varnish:6:8060020250522133304:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"product": {
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64 (varnish:6)",
"product_id": "varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.8-2.module%2Bel8.6.0%2B23122%2B0639db89.4?arch=x86_64\u0026rpmmod=varnish:6:8060020250522133304:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"product": {
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64 (varnish:6)",
"product_id": "varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.8-2.module%2Bel8.6.0%2B23122%2B0639db89.4?arch=x86_64\u0026rpmmod=varnish:6:8060020250522133304:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=x86_64\u0026rpmmod=varnish:6:8060020250522133304:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 (varnish:6)",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=x86_64\u0026rpmmod=varnish:6:8060020250522133304:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 (varnish:6)",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=x86_64\u0026rpmmod=varnish:6:8060020250522133304:ad008a3a"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.aarch64::varnish:6",
"product": {
"name": "varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.aarch64 (varnish:6)",
"product_id": "varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.8-2.module%2Bel8.6.0%2B23122%2B0639db89.4?arch=aarch64\u0026rpmmod=varnish:6:8060020250522133304:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.aarch64::varnish:6",
"product": {
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.aarch64 (varnish:6)",
"product_id": "varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.8-2.module%2Bel8.6.0%2B23122%2B0639db89.4?arch=aarch64\u0026rpmmod=varnish:6:8060020250522133304:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.aarch64::varnish:6",
"product": {
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.aarch64 (varnish:6)",
"product_id": "varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.8-2.module%2Bel8.6.0%2B23122%2B0639db89.4?arch=aarch64\u0026rpmmod=varnish:6:8060020250522133304:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64 (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=aarch64\u0026rpmmod=varnish:6:8060020250522133304:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64 (varnish:6)",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=aarch64\u0026rpmmod=varnish:6:8060020250522133304:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64 (varnish:6)",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=aarch64\u0026rpmmod=varnish:6:8060020250522133304:ad008a3a"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.ppc64le::varnish:6",
"product": {
"name": "varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.ppc64le (varnish:6)",
"product_id": "varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.8-2.module%2Bel8.6.0%2B23122%2B0639db89.4?arch=ppc64le\u0026rpmmod=varnish:6:8060020250522133304:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.ppc64le::varnish:6",
"product": {
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.ppc64le (varnish:6)",
"product_id": "varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.8-2.module%2Bel8.6.0%2B23122%2B0639db89.4?arch=ppc64le\u0026rpmmod=varnish:6:8060020250522133304:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.ppc64le::varnish:6",
"product": {
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.ppc64le (varnish:6)",
"product_id": "varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.8-2.module%2Bel8.6.0%2B23122%2B0639db89.4?arch=ppc64le\u0026rpmmod=varnish:6:8060020250522133304:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=ppc64le\u0026rpmmod=varnish:6:8060020250522133304:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le (varnish:6)",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=ppc64le\u0026rpmmod=varnish:6:8060020250522133304:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le (varnish:6)",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=ppc64le\u0026rpmmod=varnish:6:8060020250522133304:ad008a3a"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.s390x::varnish:6",
"product": {
"name": "varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.s390x (varnish:6)",
"product_id": "varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.8-2.module%2Bel8.6.0%2B23122%2B0639db89.4?arch=s390x\u0026rpmmod=varnish:6:8060020250522133304:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.s390x::varnish:6",
"product": {
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.s390x (varnish:6)",
"product_id": "varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.8-2.module%2Bel8.6.0%2B23122%2B0639db89.4?arch=s390x\u0026rpmmod=varnish:6:8060020250522133304:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.s390x::varnish:6",
"product": {
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.s390x (varnish:6)",
"product_id": "varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.8-2.module%2Bel8.6.0%2B23122%2B0639db89.4?arch=s390x\u0026rpmmod=varnish:6:8060020250522133304:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=s390x\u0026rpmmod=varnish:6:8060020250522133304:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x (varnish:6)",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=s390x\u0026rpmmod=varnish:6:8060020250522133304:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x (varnish:6)",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.5.0%2B11976%2B0b4af72d?arch=s390x\u0026rpmmod=varnish:6:8060020250522133304:ad008a3a"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.src (varnish:6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.src::varnish:6"
},
"product_reference": "varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.src::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6"
},
"product_reference": "varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src (varnish:6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.aarch64::varnish:6"
},
"product_reference": "varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.ppc64le::varnish:6"
},
"product_reference": "varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.s390x::varnish:6"
},
"product_reference": "varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.src (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.src::varnish:6"
},
"product_reference": "varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.src::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6"
},
"product_reference": "varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.aarch64::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.ppc64le::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.s390x::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.aarch64::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.ppc64le::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.s390x::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.src (varnish:6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.src::varnish:6"
},
"product_reference": "varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.src::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6"
},
"product_reference": "varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src (varnish:6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47905",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2025-05-05T20:49:45.130000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2364235"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Varnish Cache. This vulnerability may allow request smuggling attacks, where a malicious actor can craft seemingly legitimate HTTP requests. This issue could result in an unspecified system caching incorrect content that can expose confidential information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "varnish: request smuggling attacks",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an IMPORTANT severity because this is a client-side desync vulnerability in Varnish handling a chunked transfer encoding, where it mishandles CRLF delimiters, allows attackers to smuggle additional HTTP/1 requests, this flaw allows attacker to unauthorized access of sensitive information and data alteration.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.src::varnish:6",
"AppStream-8.6.0.Z.AUS:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"AppStream-8.6.0.Z.AUS:varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"AppStream-8.6.0.Z.AUS:varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"AppStream-8.6.0.Z.AUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"AppStream-8.6.0.Z.AUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.AUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.AUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.aarch64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.ppc64le::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.s390x::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.src::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.aarch64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.ppc64le::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.s390x::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.aarch64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.ppc64le::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.s390x::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.TUS:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.src::varnish:6",
"AppStream-8.6.0.Z.TUS:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"AppStream-8.6.0.Z.TUS:varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"AppStream-8.6.0.Z.TUS:varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"AppStream-8.6.0.Z.TUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"AppStream-8.6.0.Z.TUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.TUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.TUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47905"
},
{
"category": "external",
"summary": "RHBZ#2364235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364235"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47905"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47905",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47905"
}
],
"release_date": "2025-05-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-29T12:37:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.src::varnish:6",
"AppStream-8.6.0.Z.AUS:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"AppStream-8.6.0.Z.AUS:varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"AppStream-8.6.0.Z.AUS:varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"AppStream-8.6.0.Z.AUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"AppStream-8.6.0.Z.AUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.AUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.AUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.aarch64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.ppc64le::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.s390x::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.src::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.aarch64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.ppc64le::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.s390x::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.aarch64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.ppc64le::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.s390x::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.TUS:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.src::varnish:6",
"AppStream-8.6.0.Z.TUS:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"AppStream-8.6.0.Z.TUS:varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"AppStream-8.6.0.Z.TUS:varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"AppStream-8.6.0.Z.TUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"AppStream-8.6.0.Z.TUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.TUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.TUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8310"
},
{
"category": "workaround",
"details": "Currently, no mitigation is available for this vulnerability.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.src::varnish:6",
"AppStream-8.6.0.Z.AUS:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"AppStream-8.6.0.Z.AUS:varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"AppStream-8.6.0.Z.AUS:varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"AppStream-8.6.0.Z.AUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"AppStream-8.6.0.Z.AUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.AUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.AUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.aarch64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.ppc64le::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.s390x::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.src::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.aarch64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.ppc64le::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.s390x::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.aarch64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.ppc64le::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.s390x::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.TUS:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.src::varnish:6",
"AppStream-8.6.0.Z.TUS:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"AppStream-8.6.0.Z.TUS:varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"AppStream-8.6.0.Z.TUS:varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"AppStream-8.6.0.Z.TUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"AppStream-8.6.0.Z.TUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.TUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.TUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.src::varnish:6",
"AppStream-8.6.0.Z.AUS:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"AppStream-8.6.0.Z.AUS:varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"AppStream-8.6.0.Z.AUS:varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"AppStream-8.6.0.Z.AUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"AppStream-8.6.0.Z.AUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.AUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.AUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.aarch64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.ppc64le::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.s390x::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.src::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.aarch64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.ppc64le::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.s390x::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.aarch64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.ppc64le::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.s390x::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x::varnish:6",
"AppStream-8.6.0.Z.E4S:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.TUS:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.src::varnish:6",
"AppStream-8.6.0.Z.TUS:varnish-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"AppStream-8.6.0.Z.TUS:varnish-devel-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"AppStream-8.6.0.Z.TUS:varnish-docs-0:6.0.8-2.module+el8.6.0+23122+0639db89.4.x86_64::varnish:6",
"AppStream-8.6.0.Z.TUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.src::varnish:6",
"AppStream-8.6.0.Z.TUS:varnish-modules-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.TUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6",
"AppStream-8.6.0.Z.TUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64::varnish:6"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "varnish: request smuggling attacks"
}
]
}
RHSA-2025:8336
Vulnerability from csaf_redhat - Published: 2025-06-02 03:23 - Updated: 2026-03-18 03:00Summary
Red Hat Security Advisory: varnish:6 security update
Severity
Important
Notes
Topic: An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.
Security Fix(es):
* varnish: request smuggling attacks (CVE-2025-47905)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was found in Varnish Cache. This vulnerability may allow request smuggling attacks, where a malicious actor can craft seemingly legitimate HTTP requests. This issue could result in an unspecified system caching incorrect content that can expose confidential information.
8.1 (High)
Affected products
Fixed
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.aarch64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.ppc64le::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.s390x::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.src::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.x86_64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:varnish-devel-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.aarch64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:varnish-devel-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.ppc64le::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:varnish-devel-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.s390x::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:varnish-devel-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.x86_64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:varnish-docs-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.aarch64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:varnish-docs-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.ppc64le::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:varnish-docs-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.s390x::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:varnish-docs-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.x86_64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.aarch64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.ppc64le::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.s390x::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.src::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.x86_64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.aarch64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.ppc64le::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.s390x::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.x86_64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.aarch64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.ppc64le::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.s390x::varnish:6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.x86_64::varnish:6 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don\u0027t have to create the same web page over and over again, giving the website a significant speed up.\n\nSecurity Fix(es):\n\n* varnish: request smuggling attacks (CVE-2025-47905)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:8336",
"url": "https://access.redhat.com/errata/RHSA-2025:8336"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2364235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364235"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_8336.json"
}
],
"title": "Red Hat Security Advisory: varnish:6 security update",
"tracking": {
"current_release_date": "2026-03-18T03:00:49+00:00",
"generator": {
"date": "2026-03-18T03:00:49+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2025:8336",
"initial_release_date": "2025-06-02T03:23:55+00:00",
"revision_history": [
{
"date": "2025-06-02T03:23:55+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-06-02T03:23:55+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T03:00:49+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.src::varnish:6",
"product": {
"name": "varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.src (varnish:6)",
"product_id": "varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.src::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.13-1.module%2Bel8.10.0%2B23111%2B831cc069.1?arch=src\u0026rpmmod=varnish:6:8100020250521162715:489197e6"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.src::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.src (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.src::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.10.0%2B21682%2Bbcdd3a30?arch=src\u0026rpmmod=varnish:6:8100020250521162715:489197e6"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.aarch64::varnish:6",
"product": {
"name": "varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.aarch64 (varnish:6)",
"product_id": "varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.13-1.module%2Bel8.10.0%2B23111%2B831cc069.1?arch=aarch64\u0026rpmmod=varnish:6:8100020250521162715:489197e6"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.aarch64::varnish:6",
"product": {
"name": "varnish-devel-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.aarch64 (varnish:6)",
"product_id": "varnish-devel-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.13-1.module%2Bel8.10.0%2B23111%2B831cc069.1?arch=aarch64\u0026rpmmod=varnish:6:8100020250521162715:489197e6"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.aarch64::varnish:6",
"product": {
"name": "varnish-docs-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.aarch64 (varnish:6)",
"product_id": "varnish-docs-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.13-1.module%2Bel8.10.0%2B23111%2B831cc069.1?arch=aarch64\u0026rpmmod=varnish:6:8100020250521162715:489197e6"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.aarch64::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.aarch64 (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.10.0%2B21682%2Bbcdd3a30?arch=aarch64\u0026rpmmod=varnish:6:8100020250521162715:489197e6"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.aarch64::varnish:6",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.aarch64 (varnish:6)",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.10.0%2B21682%2Bbcdd3a30?arch=aarch64\u0026rpmmod=varnish:6:8100020250521162715:489197e6"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.aarch64::varnish:6",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.aarch64 (varnish:6)",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.aarch64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.10.0%2B21682%2Bbcdd3a30?arch=aarch64\u0026rpmmod=varnish:6:8100020250521162715:489197e6"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.ppc64le::varnish:6",
"product": {
"name": "varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.ppc64le (varnish:6)",
"product_id": "varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.13-1.module%2Bel8.10.0%2B23111%2B831cc069.1?arch=ppc64le\u0026rpmmod=varnish:6:8100020250521162715:489197e6"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.ppc64le::varnish:6",
"product": {
"name": "varnish-devel-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.ppc64le (varnish:6)",
"product_id": "varnish-devel-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.13-1.module%2Bel8.10.0%2B23111%2B831cc069.1?arch=ppc64le\u0026rpmmod=varnish:6:8100020250521162715:489197e6"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.ppc64le::varnish:6",
"product": {
"name": "varnish-docs-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.ppc64le (varnish:6)",
"product_id": "varnish-docs-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.13-1.module%2Bel8.10.0%2B23111%2B831cc069.1?arch=ppc64le\u0026rpmmod=varnish:6:8100020250521162715:489197e6"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.ppc64le::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.ppc64le (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.10.0%2B21682%2Bbcdd3a30?arch=ppc64le\u0026rpmmod=varnish:6:8100020250521162715:489197e6"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.ppc64le::varnish:6",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.ppc64le (varnish:6)",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.10.0%2B21682%2Bbcdd3a30?arch=ppc64le\u0026rpmmod=varnish:6:8100020250521162715:489197e6"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.ppc64le::varnish:6",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.ppc64le (varnish:6)",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.ppc64le::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.10.0%2B21682%2Bbcdd3a30?arch=ppc64le\u0026rpmmod=varnish:6:8100020250521162715:489197e6"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.s390x::varnish:6",
"product": {
"name": "varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.s390x (varnish:6)",
"product_id": "varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.13-1.module%2Bel8.10.0%2B23111%2B831cc069.1?arch=s390x\u0026rpmmod=varnish:6:8100020250521162715:489197e6"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.s390x::varnish:6",
"product": {
"name": "varnish-devel-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.s390x (varnish:6)",
"product_id": "varnish-devel-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.13-1.module%2Bel8.10.0%2B23111%2B831cc069.1?arch=s390x\u0026rpmmod=varnish:6:8100020250521162715:489197e6"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.s390x::varnish:6",
"product": {
"name": "varnish-docs-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.s390x (varnish:6)",
"product_id": "varnish-docs-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.13-1.module%2Bel8.10.0%2B23111%2B831cc069.1?arch=s390x\u0026rpmmod=varnish:6:8100020250521162715:489197e6"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.s390x::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.s390x (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.10.0%2B21682%2Bbcdd3a30?arch=s390x\u0026rpmmod=varnish:6:8100020250521162715:489197e6"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.s390x::varnish:6",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.s390x (varnish:6)",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.10.0%2B21682%2Bbcdd3a30?arch=s390x\u0026rpmmod=varnish:6:8100020250521162715:489197e6"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.s390x::varnish:6",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.s390x (varnish:6)",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.s390x::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.10.0%2B21682%2Bbcdd3a30?arch=s390x\u0026rpmmod=varnish:6:8100020250521162715:489197e6"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.x86_64::varnish:6",
"product": {
"name": "varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.x86_64 (varnish:6)",
"product_id": "varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish@6.0.13-1.module%2Bel8.10.0%2B23111%2B831cc069.1?arch=x86_64\u0026rpmmod=varnish:6:8100020250521162715:489197e6"
}
}
},
{
"category": "product_version",
"name": "varnish-devel-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.x86_64::varnish:6",
"product": {
"name": "varnish-devel-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.x86_64 (varnish:6)",
"product_id": "varnish-devel-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-devel@6.0.13-1.module%2Bel8.10.0%2B23111%2B831cc069.1?arch=x86_64\u0026rpmmod=varnish:6:8100020250521162715:489197e6"
}
}
},
{
"category": "product_version",
"name": "varnish-docs-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.x86_64::varnish:6",
"product": {
"name": "varnish-docs-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.x86_64 (varnish:6)",
"product_id": "varnish-docs-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-docs@6.0.13-1.module%2Bel8.10.0%2B23111%2B831cc069.1?arch=x86_64\u0026rpmmod=varnish:6:8100020250521162715:489197e6"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.x86_64::varnish:6",
"product": {
"name": "varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.x86_64 (varnish:6)",
"product_id": "varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules@0.15.0-6.module%2Bel8.10.0%2B21682%2Bbcdd3a30?arch=x86_64\u0026rpmmod=varnish:6:8100020250521162715:489197e6"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.x86_64::varnish:6",
"product": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.x86_64 (varnish:6)",
"product_id": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debuginfo@0.15.0-6.module%2Bel8.10.0%2B21682%2Bbcdd3a30?arch=x86_64\u0026rpmmod=varnish:6:8100020250521162715:489197e6"
}
}
},
{
"category": "product_version",
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.x86_64::varnish:6",
"product": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.x86_64 (varnish:6)",
"product_id": "varnish-modules-debugsource-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.x86_64::varnish:6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/varnish-modules-debugsource@0.15.0-6.module%2Bel8.10.0%2B21682%2Bbcdd3a30?arch=x86_64\u0026rpmmod=varnish:6:8100020250521162715:489197e6"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.aarch64::varnish:6"
},
"product_reference": "varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.ppc64le::varnish:6"
},
"product_reference": "varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.s390x::varnish:6"
},
"product_reference": "varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.src (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.src::varnish:6"
},
"product_reference": "varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.src::varnish:6",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.x86_64::varnish:6"
},
"product_reference": "varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:varnish-devel-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.aarch64::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:varnish-devel-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.ppc64le::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:varnish-devel-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.s390x::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:varnish-devel-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.x86_64::varnish:6"
},
"product_reference": "varnish-devel-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:varnish-docs-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.aarch64::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:varnish-docs-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.ppc64le::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:varnish-docs-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.s390x::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-docs-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:varnish-docs-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.x86_64::varnish:6"
},
"product_reference": "varnish-docs-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.aarch64::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.ppc64le::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.s390x::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.src (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.src::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.src::varnish:6",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.x86_64::varnish:6"
},
"product_reference": "varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.aarch64::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.ppc64le::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.s390x::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.x86_64::varnish:6"
},
"product_reference": "varnish-modules-debuginfo-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.aarch64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.aarch64::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.aarch64::varnish:6",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.ppc64le (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.ppc64le::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.ppc64le::varnish:6",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.s390x (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.s390x::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.s390x::varnish:6",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-modules-debugsource-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.x86_64 (varnish:6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.x86_64::varnish:6"
},
"product_reference": "varnish-modules-debugsource-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.x86_64::varnish:6",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47905",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2025-05-05T20:49:45.130000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2364235"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Varnish Cache. This vulnerability may allow request smuggling attacks, where a malicious actor can craft seemingly legitimate HTTP requests. This issue could result in an unspecified system caching incorrect content that can expose confidential information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "varnish: request smuggling attacks",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an IMPORTANT severity because this is a client-side desync vulnerability in Varnish handling a chunked transfer encoding, where it mishandles CRLF delimiters, allows attackers to smuggle additional HTTP/1 requests, this flaw allows attacker to unauthorized access of sensitive information and data alteration.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.aarch64::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.ppc64le::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.s390x::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.src::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.x86_64::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-devel-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.aarch64::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-devel-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.ppc64le::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-devel-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.s390x::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-devel-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.x86_64::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-docs-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.aarch64::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-docs-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.ppc64le::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-docs-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.s390x::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-docs-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.x86_64::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.aarch64::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.ppc64le::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.s390x::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.src::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.x86_64::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.aarch64::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.ppc64le::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.s390x::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.x86_64::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.aarch64::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.ppc64le::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.s390x::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.x86_64::varnish:6"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47905"
},
{
"category": "external",
"summary": "RHBZ#2364235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364235"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47905"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47905",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47905"
}
],
"release_date": "2025-05-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-02T03:23:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.aarch64::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.ppc64le::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.s390x::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.src::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.x86_64::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-devel-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.aarch64::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-devel-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.ppc64le::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-devel-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.s390x::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-devel-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.x86_64::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-docs-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.aarch64::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-docs-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.ppc64le::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-docs-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.s390x::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-docs-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.x86_64::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.aarch64::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.ppc64le::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.s390x::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.src::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.x86_64::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.aarch64::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.ppc64le::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.s390x::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.x86_64::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.aarch64::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.ppc64le::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.s390x::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.x86_64::varnish:6"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8336"
},
{
"category": "workaround",
"details": "Currently, no mitigation is available for this vulnerability.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.aarch64::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.ppc64le::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.s390x::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.src::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.x86_64::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-devel-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.aarch64::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-devel-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.ppc64le::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-devel-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.s390x::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-devel-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.x86_64::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-docs-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.aarch64::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-docs-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.ppc64le::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-docs-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.s390x::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-docs-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.x86_64::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.aarch64::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.ppc64le::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.s390x::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.src::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.x86_64::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.aarch64::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.ppc64le::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.s390x::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.x86_64::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.aarch64::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.ppc64le::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.s390x::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.x86_64::varnish:6"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.aarch64::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.ppc64le::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.s390x::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.src::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.x86_64::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-devel-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.aarch64::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-devel-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.ppc64le::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-devel-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.s390x::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-devel-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.x86_64::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-docs-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.aarch64::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-docs-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.ppc64le::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-docs-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.s390x::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-docs-0:6.0.13-1.module+el8.10.0+23111+831cc069.1.x86_64::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.aarch64::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.ppc64le::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.s390x::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.src::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.x86_64::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.aarch64::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.ppc64le::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.s390x::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debuginfo-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.x86_64::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.aarch64::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.ppc64le::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.s390x::varnish:6",
"AppStream-8.10.0.Z.MAIN.EUS:varnish-modules-debugsource-0:0.15.0-6.module+el8.10.0+21682+bcdd3a30.x86_64::varnish:6"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "varnish: request smuggling attacks"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…