CVE-2019-16869
Description
Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a Transfer-Encoding : chunked line), which leads to HTTP request smuggling.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
3.007
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2019-16869 are fixed in netty-all 4.1.42 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2.0 | Windows |
| Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 7.4 | Windows |
| Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 7.2 | Windows |
| Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 7.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.1.0.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.3.4 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.1 | Windows |
| Multiple vulnerabilities are affected in JBoss-netty 3.9.9 | Windows |
| Asynchronous event-driven network application framework (USN-4532-1) libnetty-3.9-java_3.9.9.Final-1+deb9u1build0.18.04.1_all.deb | Linux |
| Asynchronous event-driven network application framework (USN-4600-1) libnetty-3.9-java_3.9.0.Final-1ubuntu0.1_all.deb | Linux |
| Vulnerabilities CVE-2019-16869 are fixed in netty-all for Linux 4.1.42 | Linux |
| Multiple vulnerabilities are affected in JBoss-netty for Linux 3.9.9 | Linux |
| Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling) Vulnerability (CVE-2019-16869) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234