First published: Thu Oct 22 2020(Updated: )
It was discovered that Netty had HTTP request smuggling vulnerabilities. A remote attacker could used it to extract sensitive information. (CVE-2019-16869, CVE-2019-20444, CVE-2019-20445, CVE-2020-7238)
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/libnetty-3.9-java | <3.9.0.Final-1ubuntu0.1 | 3.9.0.Final-1ubuntu0.1 |
=16.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Contains the following vulnerabilities)
The vulnerability ID for these Netty vulnerabilities is CVE-2019-16869, CVE-2019-20444, CVE-2019-20445, CVE-2020-7238.
The severity of the Netty vulnerabilities is not provided in the provided information.
A remote attacker can exploit these Netty vulnerabilities to perform HTTP request smuggling attacks and extract sensitive information.
The affected software version is libnetty-3.9-java version 3.9.0.Final-1ubuntu0.1 on Ubuntu 16.04.
To fix these Netty vulnerabilities, you should update the libnetty-3.9-java package to version 3.9.0.Final-1ubuntu0.1 or later.