CyberSec.Space Logo
返回 CVE 浏览器

CVE-2019-20444

CRITICAL
9.1
CVSS Severity Score
EPSS Score0.1800%
EPSS Percentile37.88th
Published2020年1月29日
Last Modified2025年7月1日

Vulnerability Description

HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."

Affected Platforms (CPE)

📦
Netty

Netty

< 4.1.44
💻
Debian

Debian Linux

= 8.0
💻
Debian

Debian Linux

= 9.0
💻
Debian

Debian Linux

= 10.0
💻
Fedoraproject

Fedora

= 33
💻
Canonical

Ubuntu Linux

= 18.04
📦
Redhat

Jboss Amq Clients

= 2
📦
Redhat

Jboss Enterprise Application Platform

= 7.2
📦
Redhat

Jboss Enterprise Application Platform

= 7.3

References & Advisories

🔗 https://access.redhat.com/errata/RHSA-2020:0497
🔗 https://access.redhat.com/errata/RHSA-2020:0567
🔗 https://access.redhat.com/errata/RHSA-2020:0601
🔗 https://access.redhat.com/errata/RHSA-2020:0605
🔗 https://access.redhat.com/errata/RHSA-2020:0606
🔗 https://access.redhat.com/errata/RHSA-2020:0804
🔗 https://access.redhat.com/errata/RHSA-2020:0805
🔗 https://access.redhat.com/errata/RHSA-2020:0806

相关漏洞威胁

CVE-2025-112539.8

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aksis Technology Inc. Netty ...

CVE-2020-119739.8

Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are aff...

CVE-2019-204459.1

HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, ...

CVE-2026-456748.7

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2....