medium
6.5
CWE
444 79
Advisory Published
Advisory Published
Updated

CVE-2021-43797: HTTP fails to validate against control chars in header names which may lead to HTTP request smuggling

First published: Thu Dec 09 2021(Updated: )

### Impact Netty currently just skips control chars when these are present at the beginning / end of the header name. We should better fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forward these to another remote system when used as proxy. This remote system can't see the invalid usage anymore and so not do the validation itself.

Credit: security-advisories@github.com security-advisories@github.com security-advisories@github.com

Affected SoftwareAffected VersionHow to fix
maven/io.netty:netty<4.0.0
maven/org.jboss.netty:netty<4.0.0
maven/io.netty:netty-codec-http>=4.0.0<4.1.71.Final
4.1.71.Final
redhat/eap7-netty<0:4.1.72-4.Final_redhat_00001.1.el8ea
0:4.1.72-4.Final_redhat_00001.1.el8ea
redhat/eap7-netty<0:4.1.72-4.Final_redhat_00001.1.el7ea
0:4.1.72-4.Final_redhat_00001.1.el7ea
redhat/candlepin<0:4.1.13-1.el7
0:4.1.13-1.el7
redhat/candlepin<0:4.1.13-1.el8
0:4.1.13-1.el8
redhat/rh-sso7-keycloak<0:15.0.8-1.redhat_00001.1.el7
0:15.0.8-1.redhat_00001.1.el7
redhat/rh-sso7-keycloak<0:15.0.8-1.redhat_00001.1.el8
0:15.0.8-1.redhat_00001.1.el8
redhat/rh-sso7-keycloak<0:18.0.3-1.redhat_00001.1.el7
0:18.0.3-1.redhat_00001.1.el7
redhat/rh-sso7-keycloak<0:18.0.3-1.redhat_00001.1.el8
0:18.0.3-1.redhat_00001.1.el8
redhat/rh-sso7<0:1-5.el9
0:1-5.el9
redhat/rh-sso7-javapackages-tools<0:6.0.0-7.el9
0:6.0.0-7.el9
redhat/rh-sso7-keycloak<0:18.0.3-1.redhat_00001.1.el9
0:18.0.3-1.redhat_00001.1.el9
redhat/netty-codec-http<4.1.72.
4.1.72.
Netty Netty<4.1.71
Quarkus Quarkus<2.5.3
NetApp OnCommand Workflow Automation
Netapp Snapcenter
Oracle Banking Deposits And Lines Of Credit Servicing=2.7
Oracle Banking Party Management=2.7.0
Oracle Banking Platform=2.6.2
Oracle Coherence=12.2.1.4.0
Oracle Coherence=14.1.1.0.0
Oracle Communications Cloud Native Core Binding Support Function=1.11.0
Oracle Communications Cloud Native Core Network Slice Selection Function=1.8.0
Oracle Communications Cloud Native Core Policy=1.15.0
Oracle Communications Cloud Native Core Security Edge Protection Proxy=1.7.0
Oracle Communications Cloud Native Core Unified Data Repository=1.15.0
Oracle Communications Design Studio=7.4.2
Oracle Communications Instant Messaging Server=8.1
Oracle Helidon=1.4.10
Oracle Helidon=2.4.0
Oracle PeopleSoft Enterprise PeopleTools=8.58
Oracle PeopleSoft Enterprise PeopleTools=8.59
Debian Debian Linux=10.0
Debian Debian Linux=11.0
debian/netty
1:4.1.48-4+deb11u2
1:4.1.48-7+deb12u1
1:4.1.48-10
IBM Cognos Analytics 11.2.x<=IBM Cognos Analytics 11.2.x
IBM Cognos Analytics 11.1.x<=IBM Cognos Analytics 11.1.x
<4.1.71
<2.5.3
=2.7
=2.7.0
=2.6.2
=12.2.1.4.0
=14.1.1.0.0
=1.11.0
=1.8.0
=1.15.0
=1.7.0
=1.15.0
=7.4.2
=8.1
=1.4.10
=2.4.0
=8.58
=8.59
=10.0
=11.0

Remedy

https://github.com/netty/netty/commit/07aa6b5938a8b6ed7a6586e066400e2643897323

Remedy

https://www.oracle.com/security-alerts/cpuapr2022.html

Remedy

https://www.oracle.com/security-alerts/cpujul2022.html

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is CVE-2021-43797?

    CVE-2021-43797 is a vulnerability in the netty-codec-http package of Netty, allowing unauthorized access to control chars in the header name.

  • What is the severity of CVE-2021-43797?

    CVE-2021-43797 has a high severity rating of 6.5.

  • How does CVE-2021-43797 impact Netty?

    CVE-2021-43797 impacts Netty by enabling unauthorized access to control chars in the header name, potentially leading to security breaches.

  • What is the recommended version of netty-codec-http to fix CVE-2021-43797?

    To fix CVE-2021-43797, it is recommended to update netty-codec-http to version 4.1.72 or higher.

  • Where can I find more information about CVE-2021-43797?

    You can find more information about CVE-2021-43797 on the GitHub Security Advisory page at https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203