CVE-2019-20444

Description

HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an invalid fold.

Risk Information

Base Score: 9.1 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score (Exploitation Probability): 14.873

Associated Vulnerability

| Vulnerability | OS Platform |
| --- | --- |
| Vulnerabilities CVE-2019-20444 are fixed in Netty-netty-codec-http 4.1.44 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2.0 | Windows |
| Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 7.2 | Windows |
| Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 7.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.1.0.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.3.4 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.1 | Windows |
| Multiple vulnerabilities are affected in JBoss-netty 3.9.9 | Windows |
| Multiple vulnerabilities are affected in netty 3.9.9 | Windows |
| Asynchronous event-driven network application framework (USN-4532-1) libnetty-3.9-java_3.9.9.Final-1+deb9u1build0.18.04.1_all.deb | Linux |
| Asynchronous event-driven network application framework (USN-4600-1) libnetty-3.9-java_3.9.0.Final-1ubuntu0.1_all.deb | Linux |
| None (USN-4600-2) libnetty-java_4.1.7-4ubuntu0.1_all.deb | Linux |
| Vulnerabilities CVE-2019-20444 are fixed in Netty-netty-codec-http for Linux 4.1.44 | Linux |
| Multiple vulnerabilities are affected in JBoss-netty for Linux 3.9.9 | Linux |
| Multiple vulnerabilities are affected in netty for Linux 3.9.9 | Linux |
| Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling) Vulnerability (CVE-2019-20444) | NCM |

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234