## https://sploitus.com/exploit?id=4A4AA90A-F976-589A-AE88-0D47F4BA0456
# CVE-2022-45059-demo
Varnish Cache releases 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.1.0, 7.1.1 and 7.2.0 have a request smuggling vulnerability where an attacker can request that the content-length header is made hop-by-hop.
This is a demo consisting of a Spring Boot web application running behind a vulnerable version of Varnish Cache.
A "victim" sends requests to the application every 5 seconds, and the goal is to steal the victim's cookies.
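A defensive check for the condition described above, as an added example that is not part of the original demo: HTTP/1.1 lets a request name hop-by-hop headers in its `Connection` header, so this parses a raw request head as received on the client-facing side of the proxy and reports any end-to-end header nominated there. The `PROTECTED` set, the function names and the sample requests are assumptions constructed for this example.

```python
"""Flag HTTP/1.1 requests whose Connection header nominates an end-to-end
header (such as Content-Length) as hop-by-hop."""

# Headers a proxy should never drop at a client's request. This set is an
# assumption chosen for the example; extend it to match your deployment.
PROTECTED = frozenset({"content-length", "host", "transfer-encoding"})


def connection_tokens(raw_head: bytes) -> set[str]:
    """Return the lower-cased tokens of every Connection header line."""
    tokens = set()
    lines = raw_head.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    for line in lines[1:]:  # skip the request line
        name, sep, value = line.partition(b":")
        # Header names are case-insensitive and the header may repeat.
        if sep and name.strip().lower() == b"connection":
            for tok in value.decode("latin-1").split(","):
                tok = tok.strip().lower()
                if tok:
                    tokens.add(tok)
    return tokens


def nominated_protected_headers(raw_head: bytes) -> list[str]:
    """Protected headers the request asks the proxy to treat as hop-by-hop."""
    return sorted(connection_tokens(raw_head) & PROTECTED)


# Constructed sample request heads (not taken from the demo's capture).
SAMPLES = {
    "benign": b"GET / HTTP/1.1\r\nHost: localhost\r\n"
              b"Connection: keep-alive\r\n\r\n",
    "suspicious": b"POST / HTTP/1.1\r\nHost: localhost\r\n"
                  b"Content-Length: 0\r\n"
                  b"Connection: close, Content-Length\r\n\r\n",
    "split": b"GET / HTTP/1.1\r\nHost: localhost\r\n"
             b"Connection: keep-alive\r\n"
             b"connection: Host ,  CONTENT-LENGTH\r\n\r\n",
}

if __name__ == "__main__":
    for label, head in SAMPLES.items():
        hits = nominated_protected_headers(head)
        print(f"{label}: {'ALERT ' + ', '.join(hits) if hits else 'ok'}")
```

A non-empty result is a reasonable trigger for rejecting the request with a 400 or raising an alert before it reaches the cache.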
## Running the application
### Option 1 - Using prebuilt images
```
docker compose up
```
View the website at: http://localhost
### Option 2 - Build the images yourself
```
docker build -t <FRONTEND_TAG> frontend
docker build -t <BACKEND_TAG> backend
docker build -t <VICTIM_TAG> victim
```
Update `docker-compose.yml` with your images and run `docker compose up`.
View the website at: http://localhost
## Packet capture
Packet capturing is enabled on the backend, and the pcap file is written to `./capture/backend.pcap`.