exploit the possibilities
Showing 1 - 19 of 19 RSS Feed

CVE-2019-20444

Status Candidate

Overview

HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."

Related Files

Ubuntu Security Notice USN-4600-2
Posted Oct 28, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4600-2 - USN-4600-1 fixed multiple vunerabilities in Netty 3.9. This update provides the corresponding fixes for CVE-2019-20444, CVE-2019-20445 for Netty. Also it was discovered that Netty allow for unbounded memory allocation. A remote attacker could send a large stream to the Netty server causing it to crash. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2019-20444, CVE-2020-11612
SHA-256 | 2743e423223a69bc2e5a3493c5262e8e506d7718197a2ac2bde20270a2a9ba90
Ubuntu Security Notice USN-4600-1
Posted Oct 22, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4600-1 - It was discovered that Netty had HTTP request smuggling vulnerabilities. A remote attacker could used it to extract sensitive information.

tags | advisory, remote, web, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-16869, CVE-2019-20444, CVE-2019-20445
SHA-256 | d12085a4920d290d321a577a5b2b9689e02c4884a87a467a951317f34cfcb982
Ubuntu Security Notice USN-4532-1
Posted Sep 23, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4532-1 - It was discovered that Netty incorrectly handled certain HTTP headers. By sending an HTTP header with whitespace before the colon, a remote attacker could possibly use this issue to perform an HTTP request smuggling attack. It was discovered that Netty incorrectly handled certain HTTP headers. By sending an HTTP header that lacks a colon, a remote attacker could possibly use this issue to perform an HTTP request smuggling attack. Various other issues were also addressed.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2019-16869, CVE-2019-20444, CVE-2019-20445
SHA-256 | 2f54f490a7d1b2412572a85a25f8724e577ce5e656973f71b6cf173cdf22ca6b
Red Hat Security Advisory 2020-3197-01
Posted Jul 29, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3197-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.8.0 serves as an update to Red Hat Process Automation Manager 7.7.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP request smuggling and cross site scripting vulnerabilities.

tags | advisory, web, vulnerability, xss
systems | linux, redhat
advisories | CVE-2019-10086, CVE-2019-12406, CVE-2019-12423, CVE-2019-13990, CVE-2019-16869, CVE-2019-17573, CVE-2019-20330, CVE-2019-20444, CVE-2019-20445, CVE-2019-9512, CVE-2019-9514, CVE-2019-9515, CVE-2019-9518, CVE-2020-10672, CVE-2020-10673, CVE-2020-10968, CVE-2020-10969, CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11612, CVE-2020-11619, CVE-2020-11620, CVE-2020-14060, CVE-2020-14061, CVE-2020-14062, CVE-2020-1718
SHA-256 | a15ccfa9329679e05a6ecaa4123f1c5d3a9080732413f5c3b568c78c83c33b9b
Red Hat Security Advisory 2020-3196-01
Posted Jul 29, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3196-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.8.0 serves as an update to Red Hat Decision Manager 7.7.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP request smuggling and cross site scripting vulnerabilities.

tags | advisory, web, vulnerability, xss
systems | linux, redhat
advisories | CVE-2019-12406, CVE-2019-12423, CVE-2019-13990, CVE-2019-16869, CVE-2019-17573, CVE-2019-20330, CVE-2019-20444, CVE-2019-20445, CVE-2019-9512, CVE-2019-9514, CVE-2019-9515, CVE-2019-9518, CVE-2020-10672, CVE-2020-10673, CVE-2020-10968, CVE-2020-10969, CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11612, CVE-2020-11619, CVE-2020-11620, CVE-2020-14060, CVE-2020-14061, CVE-2020-14062, CVE-2020-1718, CVE-2020-7238
SHA-256 | 19707209eebd7d23d58d5eac714f5aec7fe71e79b5a8b0ea417379cd8fe36ad3
Red Hat Security Advisory 2020-3192-01
Posted Jul 29, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3192-01 - This release of Red Hat Fuse 7.7.0 serves as a replacement for Red Hat Fuse 7.6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP request smuggling, XML injection, bypass, cross site scripting, denial of service, information leakage, and server-side request forgery vulnerabilities.

tags | advisory, web, denial of service, vulnerability, xss
systems | linux, redhat
advisories | CVE-2016-4970, CVE-2018-1000632, CVE-2018-11797, CVE-2018-12541, CVE-2018-3831, CVE-2019-0231, CVE-2019-10086, CVE-2019-10172, CVE-2019-12086, CVE-2019-12400, CVE-2019-14540, CVE-2019-14888, CVE-2019-14892, CVE-2019-14893, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943, CVE-2019-17267, CVE-2019-17531, CVE-2019-17573, CVE-2019-20330, CVE-2019-20444, CVE-2019-20445, CVE-2019-3797, CVE-2019-9511, CVE-2019-9827, CVE-2020-10672
SHA-256 | 7c2d2464e2e75c435724268e7235a048d87b1886dbc11e01f6fa6141b8a86b2c
Red Hat Security Advisory 2020-2333-01
Posted May 28, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2333-01 - Red Hat JBoss Enterprise Application Platform CD19 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform CD19 includes bug fixes and enhancements. Issues addressed include HTTP request smuggling, cross site scripting, denial of service, and out of bounds read vulnerabilities.

tags | advisory, java, web, denial of service, vulnerability, xss
systems | linux, redhat
advisories | CVE-2019-0205, CVE-2019-0210, CVE-2019-10086, CVE-2019-10174, CVE-2019-12419, CVE-2019-12423, CVE-2019-14540, CVE-2019-14887, CVE-2019-14888, CVE-2019-14892, CVE-2019-14893, CVE-2019-16335, CVE-2019-16869, CVE-2019-16942, CVE-2019-16943, CVE-2019-17267, CVE-2019-17531, CVE-2019-17573, CVE-2019-20330, CVE-2019-20444, CVE-2019-20445, CVE-2020-10672, CVE-2020-10688, CVE-2020-10968, CVE-2020-10969, CVE-2020-11111
SHA-256 | 60c6cfb83e5036b1ce51c4410ffab8547065d86cf420e7222face7dc4b27fe8f
Red Hat Security Advisory 2020-2321-01
Posted May 26, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2321-01 - Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project. This release of Red Hat Data Grid 7.3.6 serves as a replacement for Red Hat Data Grid 7.3.5 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum. Issues addressed include HTTP request smuggling, cross site scripting, out of bounds read, and traversal vulnerabilities.

tags | advisory, web, vulnerability, xss
systems | linux, redhat
advisories | CVE-2018-10862, CVE-2019-0205, CVE-2019-0210, CVE-2019-10086, CVE-2019-10219, CVE-2019-14540, CVE-2019-16869, CVE-2019-16942, CVE-2019-16943, CVE-2019-17267, CVE-2019-20444, CVE-2019-20445, CVE-2020-7238
SHA-256 | 37188b4f3d0ad45e53ae50f81ab79f3432ce0a83d98c55f4c8cc57bb3deb1677
Red Hat Security Advisory 2020-1445-01
Posted Apr 14, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1445-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.4.3 serves as a replacement for Red Hat AMQ Broker 7.4.2, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include cross site scripting, denial of service, and information leakage vulnerabilities.

tags | advisory, denial of service, vulnerability, protocol, xss
systems | linux, redhat
advisories | CVE-2019-0222, CVE-2019-10241, CVE-2019-10247, CVE-2019-16869, CVE-2019-20444, CVE-2019-20445, CVE-2019-9511, CVE-2019-9512, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518, CVE-2020-7238
SHA-256 | 9fad7001be8ab7acae10dfb49140dbc4d9dede2070a24edb84c881c1a41d80ca
Red Hat Security Advisory 2020-0951-01
Posted Mar 24, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0951-01 - Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.7 serves as a replacement for Red Hat Single Sign-On 7.3.6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2019-0205, CVE-2019-0210, CVE-2019-10086, CVE-2019-12400, CVE-2019-14885, CVE-2019-14887, CVE-2019-20330, CVE-2019-20444, CVE-2019-20445, CVE-2020-1744, CVE-2020-7238
SHA-256 | 34dac8ae636745443cf5f4c204f5fc6505f448e11d7503980ae0dac5662c15cf
Red Hat Security Advisory 2020-0939-01
Posted Mar 23, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0939-01 - Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 1.4.0 serves as a replacement for Red Hat AMQ Streams 1.3.0, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2019-12399, CVE-2019-16942, CVE-2019-16943, CVE-2019-17531, CVE-2019-20330, CVE-2019-20444, CVE-2019-20445, CVE-2020-7238
SHA-256 | 99bc63d1d1b7897c5007d7edd2cde6b0584b2ea1fcb8f8b53be733a054867748
Red Hat Security Advisory 2020-0922-01
Posted Mar 23, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0922-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.6.0 serves as a replacement for Red Hat AMQ Broker 7.5.0, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include cross site scripting, denial of service, and information leakage vulnerabilities.

tags | advisory, denial of service, vulnerability, protocol, xss
systems | linux, redhat
advisories | CVE-2019-0222, CVE-2019-10241, CVE-2019-10247, CVE-2019-16869, CVE-2019-20444, CVE-2019-20445, CVE-2019-9511, CVE-2019-9512, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518, CVE-2020-7238
SHA-256 | e28f8c201acac84c857d85538a4cdf5aa62cf4a71c3756bb81586cc2df2e22b0
Red Hat Security Advisory 2020-0804-01
Posted Mar 12, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0804-01 - This release of Red Hat JBoss Enterprise Application Platform 7.2.7 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.6, and includes bug fixes and enhancements. Issues addressed include an out-of-bounds read and HTTP response smuggling.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2019-0205, CVE-2019-0210, CVE-2019-10086, CVE-2019-12400, CVE-2019-14887, CVE-2019-20444, CVE-2019-20445, CVE-2020-7238
SHA-256 | 38f8c8af4ba50c7e0be81c9c2e85755146bedbb15f38c6a4b654caf2975f6a05
Red Hat Security Advisory 2020-0805-01
Posted Mar 12, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0805-01 - This release of Red Hat JBoss Enterprise Application Platform 7.2.7 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.6, and includes bug fixes and enhancements. Issues addressed include an out-of-bounds read and HTTP response smuggling.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2019-0205, CVE-2019-0210, CVE-2019-10086, CVE-2019-12400, CVE-2019-14887, CVE-2019-20444, CVE-2019-20445, CVE-2020-7238
SHA-256 | 413da814d98d1956bc538ff7b729936c0bbde62fdc992b8e1a3c16b77847a3e0
Red Hat Security Advisory 2020-0806-01
Posted Mar 12, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0806-01 - This release of Red Hat JBoss Enterprise Application Platform 7.2.7 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.6, and includes bug fixes and enhancements. Issues addressed include HTTP response smuggling.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2019-0205, CVE-2019-0210, CVE-2019-10086, CVE-2019-12400, CVE-2019-14887, CVE-2019-20444, CVE-2019-20445, CVE-2020-7238
SHA-256 | 6d80cde473c1888acc3a5a6d12d190e079a6f4830559f4cf1e8dd913037abea1
Red Hat Security Advisory 2020-0811-01
Posted Mar 12, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0811-01 - This release of Red Hat JBoss Enterprise Application Platform 7.2.7 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.6, and includes bug fixes and enhancements. Issues addressed include an out-of-bounds read.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-0205, CVE-2019-0210, CVE-2019-10086, CVE-2019-12400, CVE-2019-14887, CVE-2019-20444, CVE-2019-20445, CVE-2020-7238
SHA-256 | 364306a4d24df896f45dc0d649d91e393c57d4ed0cb42ac9fc83fb92fed5e29b
Red Hat Security Advisory 2020-0567-01
Posted Mar 3, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0567-01 - This release of Red Hat build of Eclipse Vert.x 3.8.5 includes security updates, bug fixes, and enhancements. HTTP request smuggling was addressed along with other security issues.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2019-20444, CVE-2019-20445, CVE-2020-7238
SHA-256 | 0b4509783ea57282385660eff66e033ecf2a133395097e433a3aa74442a3937b
Red Hat Security Advisory 2020-0601-01
Posted Feb 26, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0601-01 - Red Hat AMQ Clients enable connecting, sending, and receiving messages over the AMQP 1.0 wire transport protocol to or from AMQ Broker 6 and 7. This update provides various bug fixes and enhancements in addition to the client package versions previously released on Red Hat Enterprise Linux 6, 7, and 8.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2019-20444, CVE-2019-20445, CVE-2020-7238
SHA-256 | 8d43dd0822bbae7d88d811021e172eed30df934e109bf667724da9e33aa4290a
Red Hat Security Advisory 2020-0497-01
Posted Feb 13, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0497-01 - The release of Red Hat AMQ Online 1.3.3 serves as a replacement for AMQ online 1.3.2, and includes bug fixes and enhancements. Request smuggling and other security issues have been addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-20444, CVE-2019-20445, CVE-2020-7238
SHA-256 | 26852e77b838e0d5a87fe97d3c16c806d3cdf8d7434d7b5456efee625099d1f1
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close