CVE-2019-20445

Description

HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.

Risk Information

Base Score: 9.1 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score (Exploitation Probability): 2.837

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2020-7238,CVE-2019-20445 are fixed in Netty-netty-handler 4.1.45 | Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2.0 | Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 7.2 | Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 7.3 | Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.1.0.3 | Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.3.4 | Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.1 | Windows
Multiple vulnerabilities are affected in JBoss-netty 3.9.9 | Windows
Multiple vulnerabilities are affected in netty 3.9.9 | Windows
Asynchronous event-driven network application framework (USN-4532-1) libnetty-3.9-java_3.9.9.Final-1+deb9u1build0.18.04.1_all.deb | Linux
Asynchronous event-driven network application framework (USN-4600-1) libnetty-3.9-java_3.9.0.Final-1ubuntu0.1_all.deb | Linux
None (USN-4600-2) libnetty-java_4.1.7-4ubuntu0.1_all.deb | Linux
Vulnerabilities CVE-2020-7238,CVE-2019-20445 are fixed in Netty-netty-handler for Linux 4.1.45 | Linux
Multiple vulnerabilities are affected in JBoss-netty for Linux 3.9.9 | Linux
Multiple vulnerabilities are affected in netty for Linux 3.9.9 | Linux
Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling) Vulnerability (CVE-2019-20445) | NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234