exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 20 of 20 RSS Feed

CVE-2021-43797

Status Candidate

Overview

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forward these to another remote system when used as proxy. This remote system can't see the invalid usage anymore, and therefore does not do the validation itself. Users should upgrade to version 4.1.71.Final.

Related Files

Ubuntu Security Notice USN-6049-1
Posted May 1, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6049-1 - It was discovered that Netty's Zlib decoders did not limit memory allocations. A remote attacker could possibly use this issue to cause Netty to exhaust memory via malicious input, leading to a denial of service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 20.04 ESM. It was discovered that Netty created temporary files with excessive permissions. A local attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM, and Ubuntu 20.04 ESM.

tags | advisory, remote, denial of service, local
systems | linux, ubuntu
advisories | CVE-2020-11612, CVE-2021-21290, CVE-2021-21409, CVE-2021-37136, CVE-2021-37137, CVE-2021-43797, CVE-2022-41881, CVE-2022-41915
SHA-256 | 7e20c4b100a01d5436fdc3d622df85ec25fc16ce3f77384791bc1e053d16f411
Debian Security Advisory 5316-1
Posted Jan 12, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5316-1 - Several out-of-memory, stack overflow or HTTP request smuggling vulnerabilities have been discovered in Netty, a Java NIO client/server socket framework, which may allow attackers to cause a denial of service or bypass restrictions when used as a proxy.

tags | advisory, java, web, denial of service, overflow, vulnerability
systems | linux, debian
advisories | CVE-2021-37136, CVE-2021-37137, CVE-2021-43797, CVE-2022-41881, CVE-2022-41915
SHA-256 | d79e44dc740a4bdba61067f17bc2f8d1870d872798afcbc0a4bdd6ffab09ccdd
Red Hat Security Advisory 2022-7410-01
Posted Nov 4, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7410-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.1 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP request smuggling, code execution, cross site scripting, and denial of service vulnerabilities.

tags | advisory, web, denial of service, vulnerability, code execution, xss
systems | linux, redhat
advisories | CVE-2020-36518, CVE-2021-42392, CVE-2021-43797, CVE-2022-0084, CVE-2022-0225, CVE-2022-0866, CVE-2022-2668
SHA-256 | 20de8cac035eb0328ec9dcb7ce2f968147a87e30dacad7dfd94b929d9ff397da
Red Hat Security Advisory 2022-7409-01
Posted Nov 4, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7409-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.1 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP request smuggling, code execution, cross site scripting, and denial of service vulnerabilities.

tags | advisory, web, denial of service, vulnerability, code execution, xss
systems | linux, redhat
advisories | CVE-2020-36518, CVE-2021-42392, CVE-2021-43797, CVE-2022-0084, CVE-2022-0225, CVE-2022-0866, CVE-2022-2668
SHA-256 | c920db1dec3b041d6c286f4114456a9165972f7534a40725c37eb60214d02198
Red Hat Security Advisory 2022-7417-01
Posted Nov 4, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7417-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.1 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP request smuggling, code execution, cross site scripting, and denial of service vulnerabilities.

tags | advisory, web, denial of service, vulnerability, code execution, xss
systems | linux, redhat
advisories | CVE-2020-36518, CVE-2021-42392, CVE-2021-43797, CVE-2022-0084, CVE-2022-0225, CVE-2022-0866, CVE-2022-2668
SHA-256 | 66e7c910cb690290044b2d3be37ff70715adf821991f2d81a1677e4efb1eff1d
Red Hat Security Advisory 2022-7411-01
Posted Nov 4, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7411-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.1 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP request smuggling, code execution, cross site scripting, and denial of service vulnerabilities.

tags | advisory, web, denial of service, vulnerability, code execution, xss
systems | linux, redhat
advisories | CVE-2020-36518, CVE-2021-42392, CVE-2021-43797, CVE-2022-0084, CVE-2022-0225, CVE-2022-0866, CVE-2022-2668
SHA-256 | 783a2b010e945a3b187cff896274ec22adcdcf88ca22b7e1c6c7a3ebc2cc25ec
Red Hat Security Advisory 2022-6782-01
Posted Oct 5, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6782-01 - Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.5.3 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.5.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP request smuggling, code execution, cross site scripting, and denial of service vulnerabilities.

tags | advisory, web, denial of service, vulnerability, code execution, xss
systems | linux, redhat
advisories | CVE-2020-36518, CVE-2021-42392, CVE-2021-43797, CVE-2022-0084, CVE-2022-0225, CVE-2022-0866, CVE-2022-2256, CVE-2022-2668
SHA-256 | 3f148abf3e1d7783fdbb7b295faf665cc66091c74ed2574ed8bb517021defb68
Red Hat Security Advisory 2022-6787-01
Posted Oct 5, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6787-01 - Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.5.3 serves as a replacement for Red Hat Single Sign-On 7.5.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP request smuggling, code execution, cross site scripting, and denial of service vulnerabilities.

tags | advisory, web, denial of service, vulnerability, code execution, xss
systems | linux, redhat
advisories | CVE-2020-36518, CVE-2021-42392, CVE-2021-43797, CVE-2022-0084, CVE-2022-0225, CVE-2022-0866, CVE-2022-2256, CVE-2022-2668
SHA-256 | 271756341073654fcee5cc794ed943b6caf607b6082cce3ac034db8a5cd1903a
Red Hat Security Advisory 2022-6783-01
Posted Oct 5, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6783-01 - Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.5.3 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.5.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP request smuggling, code execution, cross site scripting, and denial of service vulnerabilities.

tags | advisory, web, denial of service, vulnerability, code execution, xss
systems | linux, redhat
advisories | CVE-2020-36518, CVE-2021-42392, CVE-2021-43797, CVE-2022-0084, CVE-2022-0225, CVE-2022-0866, CVE-2022-2256, CVE-2022-2668
SHA-256 | c634291e814c5d71d9282254b7ea4a4726267ec9b38abf7abd26f66ed5f82571
Red Hat Security Advisory 2022-5903-01
Posted Aug 4, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-5903-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This asynchronous security patch is an update to Red Hat Process Automation Manager 7. Issues addressed include HTTP request smuggling, denial of service, and deserialization vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2021-22569, CVE-2021-2471, CVE-2021-36373, CVE-2021-3642, CVE-2021-3644, CVE-2021-37136, CVE-2021-37137, CVE-2021-3717, CVE-2021-37714, CVE-2021-43797, CVE-2022-22950, CVE-2022-25647
SHA-256 | 64f14a1390aa598b8f7f7082ac1e23e09426694792e54d265ca579256dd960fb
Red Hat Security Advisory 2022-5101-01
Posted Jun 20, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-5101-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.10.0 serves as a replacement for Red Hat AMQ Broker 7.9.4, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

tags | advisory, web, denial of service, vulnerability, protocol
systems | linux, redhat
advisories | CVE-2019-10744, CVE-2020-36518, CVE-2021-4040, CVE-2021-43797, CVE-2022-1833, CVE-2022-22968, CVE-2022-23913
SHA-256 | 891960734e7d0b04a094b7cc3327354f46fb865081875776be3a8e74d43869ed
Red Hat Security Advisory 2022-4919-01
Posted Jun 7, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4919-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include HTTP request smuggling, code execution, denial of service, memory leak, and traversal vulnerabilities.

tags | advisory, java, web, denial of service, vulnerability, code execution, memory leak
systems | linux, redhat
advisories | CVE-2020-36518, CVE-2021-37136, CVE-2021-37137, CVE-2021-42392, CVE-2021-43797, CVE-2022-0084, CVE-2022-0853, CVE-2022-0866, CVE-2022-1319, CVE-2022-21299, CVE-2022-21363, CVE-2022-23221, CVE-2022-23437, CVE-2022-23913, CVE-2022-24785
SHA-256 | bf1afc73c8ba9c4a4c22d13d1cf262785aff0e2266900d5107732077a9be4c4c
Red Hat Security Advisory 2022-4918-01
Posted Jun 7, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4918-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include HTTP request smuggling, code execution, denial of service, memory leak, and traversal vulnerabilities.

tags | advisory, java, web, denial of service, vulnerability, code execution, memory leak
systems | linux, redhat
advisories | CVE-2020-36518, CVE-2021-37136, CVE-2021-37137, CVE-2021-42392, CVE-2021-43797, CVE-2022-0084, CVE-2022-0853, CVE-2022-0866, CVE-2022-1319, CVE-2022-21299, CVE-2022-21363, CVE-2022-23221, CVE-2022-23437, CVE-2022-23913, CVE-2022-24785
SHA-256 | 8f6215dbc6e2ca60403953e5fff933cecb7aae3db0e8684fc171f45b5bcbc430
Red Hat Security Advisory 2022-4922-01
Posted Jun 7, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4922-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include HTTP request smuggling, code execution, denial of service, memory leak, and traversal vulnerabilities.

tags | advisory, java, web, denial of service, vulnerability, code execution, memory leak
systems | linux, redhat
advisories | CVE-2020-36518, CVE-2021-37136, CVE-2021-37137, CVE-2021-42392, CVE-2021-43797, CVE-2022-0084, CVE-2022-0853, CVE-2022-0866, CVE-2022-1319, CVE-2022-21299, CVE-2022-21363, CVE-2022-23221, CVE-2022-23437, CVE-2022-23913, CVE-2022-24785
SHA-256 | 7662acf836b5f242e6276a07b00c0aa87639c1a35f4ad678bade67af019843c5
Red Hat Security Advisory 2022-4623-01
Posted May 19, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4623-01 - This release of Red Hat build of Quarkus 2.7.5 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section. Issues addressed include HTTP request smuggling, cross site scripting, denial of service, information leakage, and privilege escalation vulnerabilities.

tags | advisory, web, denial of service, vulnerability, xss
systems | linux, redhat
advisories | CVE-2021-22569, CVE-2021-29427, CVE-2021-29428, CVE-2021-29429, CVE-2021-3914, CVE-2021-43797, CVE-2022-0981, CVE-2022-21363, CVE-2022-21724
SHA-256 | 10e69ee091e2e078b2a41e7bbc107daf8c4ce083633ded9691b8ec2b700362a5
Red Hat Security Advisory 2022-2216-01
Posted May 12, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-2216-01 - Logging Subsystem 5.4.1 - Red Hat OpenShift. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2018-25032, CVE-2021-37136, CVE-2021-37137, CVE-2021-4028, CVE-2021-43797, CVE-2022-0778, CVE-2022-1154, CVE-2022-1271, CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21476, CVE-2022-21496, CVE-2022-21698, CVE-2022-25636
SHA-256 | e8448d15067ef4e108e62dd39572f25de537bd0cc05255cb4ff9f26a2036af6d
Red Hat Security Advisory 2022-2218-01
Posted May 12, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-2218-01 - Openshift Logging Bug Fix Release. Issues addressed include HTTP request smuggling, denial of service, and man-in-the-middle vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2018-25032, CVE-2021-37136, CVE-2021-37137, CVE-2021-4028, CVE-2021-43797, CVE-2022-0759, CVE-2022-0778, CVE-2022-1154, CVE-2022-1271, CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21476, CVE-2022-21496, CVE-2022-21698, CVE-2022-25636
SHA-256 | 0c5927e91c79b433162241dc82bdfd0e2fdad1d3d97c1f4a6ed341b8c4358a0b
Red Hat Security Advisory 2022-2217-01
Posted May 12, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-2217-01 - Openshift Logging Bug Fix Release. Issues addressed include HTTP request smuggling, denial of service, and man-in-the-middle vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2018-25032, CVE-2021-37136, CVE-2021-37137, CVE-2021-4028, CVE-2021-43797, CVE-2022-0759, CVE-2022-0778, CVE-2022-1154, CVE-2022-1271, CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21476, CVE-2022-21496, CVE-2022-21698, CVE-2022-25636
SHA-256 | 0ec4d077e744566221bfb42a084e913e4269ba131207183ed703c14611b8ba91
Red Hat Security Advisory 2022-1345-01
Posted Apr 13, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1345-01 - Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 2.1.0 serves as a replacement for Red Hat AMQ Streams 2.0.1, and includes security and bug fixes, and enhancements. Issues addressed include HTTP request smuggling and integer overflow vulnerabilities.

tags | advisory, web, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2021-3520, CVE-2021-43797
SHA-256 | ad7d0a5ea3bd59034ab1fa1bef28c21800f686847ce75f83e41e3e7a012f895f
Red Hat Security Advisory 2022-0520-01
Posted Feb 14, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0520-01 - Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale. Data Grid 8.3.0 replaces Data Grid 8.2.3 and includes bug fixes and enhancements. Issues addressed include HTTP request smuggling, code execution, denial of service, and deserialization vulnerabilities.

tags | advisory, web, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2021-29505, CVE-2021-3642, CVE-2021-37136, CVE-2021-37137, CVE-2021-39139, CVE-2021-39140, CVE-2021-39141, CVE-2021-39144, CVE-2021-39145, CVE-2021-39146, CVE-2021-39147, CVE-2021-39148, CVE-2021-39149, CVE-2021-39150, CVE-2021-39151, CVE-2021-39152, CVE-2021-39153, CVE-2021-39154, CVE-2021-43797
SHA-256 | 851e7d90129974b5aef9a1685ad0e47b2b5241fbd8c1cb7d5f745cf0ca63a06b
Page 1 of 1
Back1Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    19 Files
  • 23
    Jul 23rd
    17 Files
  • 24
    Jul 24th
    47 Files
  • 25
    Jul 25th
    31 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close