First published: Tue Sep 22 2020(Updated: )
It was discovered that Netty incorrectly handled certain HTTP headers. By sending an HTTP header with whitespace before the colon, a remote attacker could possibly use this issue to perform an HTTP request smuggling attack. (CVE-2019-16869) It was discovered that Netty incorrectly handled certain HTTP headers. By sending an HTTP header that lacks a colon, a remote attacker could possibly use this issue to perform an HTTP request smuggling attack. (CVE-2019-20444) It was discovered that Netty incorrectly handled certain HTTP headers. By sending a Content-Length header accompanied by a second Content-Length header, or by a Transfer-Encoding header, a remote attacker could possibly use this issue to perform an HTTP request smuggling attack. (CVE-2019-20445)
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/libnetty-3.9-java | <3.9.9.Final-1+deb9u1build0.18.04.1 | 3.9.9.Final-1+deb9u1build0.18.04.1 |
=18.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Contains the following vulnerabilities)
The vulnerability ID for the Netty vulnerability is CVE-2019-16869.
The Netty vulnerability allows a remote attacker to perform an HTTP request smuggling attack.
The affected software for the Netty vulnerability is libnetty-3.9-java version 3.9.9.Final-1+deb9u1build0.18.04.1 on Ubuntu 18.04.
To fix the Netty vulnerability, update the libnetty-3.9-java package to version 3.9.9.Final-1+deb9u1build0.18.04.1 or later.
More information about the Netty vulnerability can be found on the Ubuntu Security website: <a href="https://ubuntu.com/security/CVE-2019-16869">https://ubuntu.com/security/CVE-2019-16869</a>.