CVE-2020-7238
Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869.
HTTP Request/Response Smuggling
Vendor | Product | Version |
---|---|---|
netty | netty | 4.1.43 |
debian | debian_linux | 8.0 |
debian | debian_linux | 9.0 |
debian | debian_linux | 10.0 |
redhat | jboss_enterprise_application_platform | 7.2 |
redhat | jboss_enterprise_application_platform | 7.3 |
redhat | jboss_enterprise_application_platform | 7.4 |
redhat | jboss_enterprise_application_platform_text-only_advisories | - |
redhat | openshift_application_runtimes_text-only_advisories | - |
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
netty |
| ||||||||||||||||||||||||||
netty-3.9 |
|
Common Weakness Enumeration