HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
AND |
|
History
14 Sep 2021, 12:45
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* | |
References | (MLIST) https://lists.apache.org/thread.html/r2f2989b7815d809ff3fda8ce330f553e5f133505afd04ffbc135f35f@%3Cissues.spark.apache.org%3E - Mailing List, Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2021/dsa-4885 - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e@%3Cissues.flink.apache.org%3E - Mailing List, Third Party Advisory |
24 Aug 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2020-01-29 21:15
Updated : 2024-02-04 20:39
NVD link : CVE-2019-20444
Mitre link : CVE-2019-20444
CVE.ORG link : CVE-2019-20444
JSON object : View
Products Affected
redhat
- jboss_enterprise_application_platform
- jboss_amq_clients
- enterprise_linux
debian
- debian_linux
canonical
- ubuntu_linux
netty
- netty
fedoraproject
- fedora
CWE
CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')