Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Possible request smuggling in HTTP/2 due missing validation of content-length

🗓️ 30 Mar 2021 15:38:10Reported by GitHub Advisory DatabaseType 
github
 github🔗 github.com👁 47 Views

Possible request smuggling in HTTP/2 due missing validation of content-length. Impact on content-length header validation, patch in 4.1.61.Final, workarounds to validate the header

Show more
Related
Detection
Refs
ReporterTitlePublishedViews
Family
Tenable Nessus		Photon OS 2.0: Zookeeper PHSA-2021-2.0-0358
21 Jun 202100:00
nessus
Tenable Nessus		Photon OS 3.0: Zookeeper PHSA-2021-3.0-0254
21 Jun 202100:00
nessus
Tenable Nessus		Photon OS 4.0: Zookeeper PHSA-2021-4.0-0031
23 Jul 202400:00
nessus
Tenable Nessus		RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.3.8 on RHEL 7 (RHSA-2021:2693)
13 Jul 202100:00
nessus
Tenable Nessus		RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.3.8 on RHEL 8 (RHSA-2021:2694)
13 Jul 202100:00
nessus
Tenable Nessus		openSUSE 15 Security Update : netty (SUSE-SU-2022:1315-1)
20 Jan 202300:00
nessus
Tenable Nessus		RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.3.8 on RHEL 6 (RHSA-2021:2692)
13 Jul 202100:00
nessus
Tenable Nessus		RHEL 7 / 8 : AMQ Clients 2.9.1 (RHSA-2021:1511)
6 May 202100:00
nessus
Tenable Nessus		Oracle Primavera Gateway (Jul 2021 CPU)
22 Jul 202100:00
nessus
Tenable Nessus		Debian DSA-4885-1 : netty - security update
6 Apr 202100:00
nessus
Rows per page
Vulners
Node
io.nettynettyRange<4.0.0
OR
org.jboss.nettynettyRange<4.0.0
OR
io.nettynetty\-codec\-http2Range4.0.04.1.61.Final
SourceLink
githubwww.github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32
githubwww.github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj
githubwww.github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432
cvewww.cve.mitre.org/cgi-bin/cvename.cgi
nvdwww.nvd.nist.gov/vuln/detail/CVE-2021-21409
debianwww.debian.org/security/2021/dsa-4885
listswww.lists.apache.org/thread.html/r2732aa3884cacfecac4c54cfaa77c279ba815cad44b464a567216f83@%3Cissues.zookeeper.apache.org%3E
listswww.lists.apache.org/thread.html/r70c3a7bfa904f06a1902f4df20ee26e4f09a46b8fd3eb304dc57a2de@%3Cdev.zookeeper.apache.org%3E
listswww.lists.apache.org/thread.html/ra66e93703e3f4bd31bdfd0b6fb0c32ae96b528259bb1aa2b6d38e401@%3Cissues.zookeeper.apache.org%3E
listswww.lists.apache.org/thread.html/r0ca82fec33334e571fe5b388272260778883e307e15415d7b1443de2@%3Cissues.zookeeper.apache.org%3E
Rows per page

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
30 Mar 2021 15:10Current
0.4Low risk
Vulners AI Score0.4
CVSS24.3
CVSS35.9
EPSS0.01833
CWE-444
request smugglinghttp/2content-lengthheader validationpatch4.1.61.finalworkaroundssoftware
47
.json
Report