CVE-2021-43797
Description
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to sanitize header names before it forward these to another remote system when used as proxy. This remote system cant see the invalid usage anymore, and therefore does not do the validation itself. Users should upgrade to version 4.1.71.Final.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
0.381
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2021-43797 are fixed in Netty-netty-codec-http 4.1.71 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.1.6 | Windows |
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.58 | Windows |
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.59 | Windows |
| Multiple Vulnerabilities are affected in Netapp Snapcenter 2.3 | Windows |
| Multiple Vulnerabilities are affected in Netapp Oncommand Workflow Automation 2.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2.2 | Windows |
| Multiple vulnerabilities are affected in JBoss-netty 3.9.9 | Windows |
| Multiple vulnerabilities are affected in netty 3.9.9 | Windows |
| (RHSA-2022:5498) Satellite 6.11 Release foreman-cli-3.1.1.21-2.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release foreman-cli-3.1.1.21-2.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-amazing_print-1.1.0-2.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-apipie-bindings-0.4.0-2.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-clamp-1.1.2-7.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-clamp-1.1.2-7.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-domain_name-0.5.20160310-5.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-fast_gettext-1.4.1-5.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-foreman_maintain-1.0.12-1.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-foreman_maintain-1.0.12-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-hammer_cli-3.1.0.1-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-hammer_cli_foreman-3.1.0.1-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-hammer_cli_foreman_admin-1.1.0-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-hammer_cli_foreman_ansible-0.3.4-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-hammer_cli_foreman_discovery-1.1.0-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-hammer_cli_foreman_openscap-0.1.13-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-hammer_cli_foreman_tasks-0.0.17-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-hammer_cli_foreman_templates-0.2.0-2.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-hammer_cli_foreman_webhooks-0.0.2-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-hammer_cli_katello-1.3.1.6-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-hashie-3.6.0-3.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-highline-2.0.3-2.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-highline-2.0.3-2.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-http-cookie-1.0.2-5.1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-jwt-2.2.2-2.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-little-plugger-1.1.4-3.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-locale-2.0.9-15.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-logging-2.3.0-2.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-mime-types-3.3.1-2.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-mime-types-data-3.2018.0812-5.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-multi_json-1.14.1-3.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-netrc-0.11.0-6.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-oauth-0.5.4-5.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-powerbar-2.0.1-3.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-rest-client-2.0.2-4.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-unf-0.1.3-9.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-unf_ext-0.0.7.2-4.1.el8sat.x86_64.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-unf_ext-debugsource-0.0.7.2-4.1.el8sat.x86_64.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-unicode-0.4.4.4-4.1.el8sat.x86_64.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-unicode-debugsource-0.4.4.4-4.1.el8sat.x86_64.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-unicode-display_width-1.7.0-2.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release satellite-cli-6.11.0-2.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release satellite-cli-6.11.0-2.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release satellite-clone-3.1.0-2.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release satellite-clone-3.1.0-2.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release satellite-maintain-0.0.1-1.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release satellite-maintain-0.0.1-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-amazing_print-1.1.0-2.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-apipie-bindings-0.4.0-2.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-clamp-1.1.2-7.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-domain_name-0.5.20160310-5.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-fast_gettext-1.4.1-5.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-hammer_cli-3.1.0.1-1.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-hammer_cli_foreman-3.1.0.1-1.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-hammer_cli_foreman_admin-1.1.0-1.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-hammer_cli_foreman_ansible-0.3.4-1.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-hammer_cli_foreman_discovery-1.1.0-1.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-hammer_cli_foreman_openscap-0.1.13-1.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-hammer_cli_foreman_tasks-0.0.17-1.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-hammer_cli_foreman_templates-0.2.0-2.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-hammer_cli_foreman_webhooks-0.0.2-1.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-hammer_cli_katello-1.3.1.6-1.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-hashie-3.6.0-3.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-highline-2.0.3-2.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-http-cookie-1.0.2-5.1.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-jwt-2.2.2-2.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-little-plugger-1.1.4-3.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-locale-2.0.9-15.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-logging-2.3.0-2.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-mime-types-3.3.1-2.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-mime-types-data-3.2018.0812-5.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-multi_json-1.14.1-3.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-netrc-0.11.0-6.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-oauth-0.5.4-5.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-powerbar-2.0.1-3.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-rest-client-2.0.2-4.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-unf-0.1.3-9.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-unf_ext-0.0.7.2-4.1.el7sat.x86_64.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-unicode-0.4.4.4-4.1.el7sat.x86_64.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-unicode-display_width-1.7.0-2.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-runtime-7.0-1.el7sat.x86_64.rpm | Linux |
| Vulnerabilities CVE-2021-43797 are fixed in Netty-netty-codec-http for Linux 4.1.71 | Linux |
| Multiple vulnerabilities are affected in JBoss-netty for Linux 3.9.9 | Linux |
| Multiple vulnerabilities are affected in netty for Linux 3.9.9 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234