Apr 29, 2020 - 4:56 p.m.

Security Bulletin: A vulnerability has been identified in Netty shipped with IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library (CVE-2020-7238)

www.ibm.com

EPSS: 0.004 (Percentile: 72.3%)

Summary

Netty is a dependency component shipped with the IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library for Message Bus Integration. Information about the security vulnerability affecting Netty has been published. (CVE-2020-7238)

Vulnerability Details

CVEID: CVE-2020-7238
**DESCRIPTION:** Netty is vulnerable to HTTP request smuggling, caused by a flaw when handling Transfer-Encoding whitespace and a later Content-Length header. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/175398 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
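
The header shapes named in the description can be checked for in a raw request head (for example from a proxy capture). The following Python check is an added example, not code from IBM or Netty; the function name and the sample requests are constructed for illustration, and the rules applied are those of RFC 7230 (no whitespace around a field name, and Transfer-Encoding together with Content-Length treated as an error).

```python
import re

# Field names must be RFC 7230 tokens: no spaces, tabs or control characters.
TOKEN = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

def framing_anomalies(head: bytes) -> list[str]:
    """Return the reasons a raw HTTP/1.1 request head has ambiguous framing."""
    findings, names = [], []
    header_lines = head.split(b"\r\n\r\n", 1)[0].split(b"\r\n")[1:]  # drop request line
    for line in header_lines:
        raw_name, colon, _value = line.partition(b":")
        if not colon:
            findings.append(f"header line without colon: {line!r}")
            continue
        name = raw_name.strip(b" \t")
        if raw_name != name:
            # The case in the description: padding before or after the name.
            findings.append(f"whitespace around field name: {raw_name!r}")
        elif not TOKEN.fullmatch(name):
            findings.append(f"invalid field name: {raw_name!r}")
        names.append(name.lower())
    if names.count(b"content-length") > 1:
        findings.append("multiple Content-Length headers")
    if b"transfer-encoding" in names and b"content-length" in names:
        findings.append("Transfer-Encoding and Content-Length both present")
    return findings

# Constructed sample request heads (not captured traffic).
CLEAN = b"POST /events HTTP/1.1\r\nHost: example.test\r\nContent-Length: 5\r\n\r\nhello"
PADDED = (b"POST /events HTTP/1.1\r\nHost: example.test\r\n"
          b"Transfer-Encoding : chunked\r\nContent-Length: 5\r\n\r\n")

if __name__ == "__main__":
    for label, head in (("clean", CLEAN), ("padded", PADDED)):
        print(label, framing_anomalies(head) or "ok")
```

A front end that rejects any request for which this returns a non-empty list never forwards a message whose length the back end could interpret differently.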

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Tivoli Netcool/OMNIbus Integration - Transport Module Common Integration Library | common-transportmodule-12_0 up to and including common-transportmodule-23_0 |

Remediation/Fixes

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Tivoli Netcool/OMNIbus Integration - Transport Module Common Integration Library | common-transportmodule-24_0 |

Workarounds and Mitigations

None
