CyberSec.Space Logo
Back to CVE Browser

CVE-2019-20444

CRITICAL
9.1
CVSS Severity Score
EPSS Score0.1800%
EPSS Percentile37.88th
PublishedJan 29, 2020
Last ModifiedJul 1, 2025

Vulnerability Description

HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."

Affected Platforms (CPE)

πŸ“¦
Netty

Netty

< 4.1.44
πŸ’»
Debian

Debian Linux

= 8.0
πŸ’»
Debian

Debian Linux

= 9.0
πŸ’»
Debian

Debian Linux

= 10.0
πŸ’»
Fedoraproject

Fedora

= 33
πŸ’»
Canonical

Ubuntu Linux

= 18.04
πŸ“¦
Redhat

Jboss Amq Clients

= 2
πŸ“¦
Redhat

Jboss Enterprise Application Platform

= 7.2
πŸ“¦
Redhat

Jboss Enterprise Application Platform

= 7.3

References & Advisories

πŸ”— https://access.redhat.com/errata/RHSA-2020:0497
πŸ”— https://access.redhat.com/errata/RHSA-2020:0567
πŸ”— https://access.redhat.com/errata/RHSA-2020:0601
πŸ”— https://access.redhat.com/errata/RHSA-2020:0605
πŸ”— https://access.redhat.com/errata/RHSA-2020:0606
πŸ”— https://access.redhat.com/errata/RHSA-2020:0804
πŸ”— https://access.redhat.com/errata/RHSA-2020:0805
πŸ”— https://access.redhat.com/errata/RHSA-2020:0806

Related Vulnerabilities

CVE-2025-112539.8

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aksis Technology Inc. Netty ...

CVE-2020-119739.8

Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are aff...

CVE-2019-204459.1

HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, ...

CVE-2026-456748.7

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2....