HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
|
History
07 Nov 2023, 03:09
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2020-01-29 21:15
Updated : 2024-02-28 17:28
NVD link : CVE-2019-20445
Mitre link : CVE-2019-20445
CVE.ORG link : CVE-2019-20445
JSON object : View
Products Affected
redhat
- enterprise_linux
- jboss_amq_clients
- jboss_enterprise_application_platform
apache
- spark
netty
- netty
debian
- debian_linux
canonical
- ubuntu_linux
fedoraproject
- fedora
CWE
CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')