CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2019-20445

CRITICAL
9.1
CVSS Severity Score
EPSS Score0.1650%
EPSS Percentile15.88th
Published2020年1月29日
Last Modified2024年11月21日

Vulnerability Description

HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.

Affected Platforms (CPE)

📦
Netty

Netty

< 4.1.44
💻
Debian

Debian Linux

= 8.0
💻
Debian

Debian Linux

= 9.0
💻
Debian

Debian Linux

= 10.0
💻
Fedoraproject

Fedora

= 33
💻
Canonical

Ubuntu Linux

= 18.04
📦
Redhat

Jboss Amq Clients

= 2
📦
Redhat

Jboss Enterprise Application Platform

= 7.2
📦
Redhat

Jboss Enterprise Application Platform

= 7.3
📦
Apache

Spark

= 2.4.7
📦
Apache

Spark

= 2.4.8

References & Advisories

🔗 https://access.redhat.com/errata/RHSA-2020:0497
🔗 https://access.redhat.com/errata/RHSA-2020:0567
🔗 https://access.redhat.com/errata/RHSA-2020:0601
🔗 https://access.redhat.com/errata/RHSA-2020:0605
🔗 https://access.redhat.com/errata/RHSA-2020:0606
🔗 https://access.redhat.com/errata/RHSA-2020:0804
🔗 https://access.redhat.com/errata/RHSA-2020:0805
🔗 https://access.redhat.com/errata/RHSA-2020:0806

相關漏洞威脅

CVE-2025-112539.8

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aksis Technology Inc. Netty ...

CVE-2020-119739.8

Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are aff...

CVE-2019-204449.1

HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate h...

CVE-2026-456748.7

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2....