An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-by-hop, preventing the Varnish Cache servers from forwarding critical headers to the backend.
Created varnish tracking bugs for this issue: Affects: epel-7 [bug 2141843] Affects: fedora-all [bug 2141842]