42 matches found
SUSE CVE-2020-7238
Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869...
RHEL 6 / 7 / 8 : AMQ Clients 2.6.0 Release (Important) (RHSA-2020:0601)
The remote Red Hat Enterprise Linux 6 / 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0601 advisory. Red Hat AMQ Clients enable connecting, sending, and receiving messages over the AMQP 1.0 wire transport protocol to or from AMQ Brok...
Debian DSA-4885-1 : netty - security update
Multiple security issues were discovered in Netty, a Java NIO client/server framework, which could result in HTTP request smuggling, denial of service or information disclosure. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...
Ubuntu 18.04 LTS : Netty vulnerabilities (USN-4600-2)
The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4600-2 advisory. USN-4600-1 fixed multiple vulnerabilities in Netty 3.9. This update provides the corresponding fixes for CVE-2019-20444, CVE-2019-20445 for Netty. Also it...
USN-4600-1: Netty vulnerabilities
It was discovered that Netty had HTTP request smuggling vulnerabilities. A remote attacker could use it to extract sensitive information. CVE-2019-16869, CVE-2019-20444, CVE-2019-20445, CVE-2020-7238...
Security Bulletin: IBM Security Guardium Insights is affected by a Netty vulnerability
Summary IBM Security Guardium Insights has addressed the following vulnerability Vulnerability Details CVEID: CVE-2020-7238 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by a flaw when handling Transfer-Encoding whitespace and a later Content-Length header. By sending a...
Security Bulletin: IBM Cloud Private is vulnerable to a Netty vulnerability (CVE-2020-7238)
Summary IBM Cloud Private is vulnerable to a Netty vulnerability Vulnerability Details CVEID: CVE-2020-7238 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by a flaw when handling Transfer-Encoding whitespace and a later Content-Length header. By sending a specially-crafted...
Debian DLA-2364-1 : netty security update
Several vulnerabilities have been discovered in netty, a Java NIO client/server socket framework. CVE-2019-20444 HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interprete...
Debian: Security Advisory (DLA-2364-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2364-1] netty security update
Debian LTS Advisory DLA-2364-1 [email protected] https://www.debian.org/lts/security/ Roberto C. Sánchez September 04, 2020 https://wiki.debian.org/LTS Package : netty Version : 1:4.1.7-2+deb9u2 CVE ID : CVE-2019-20444 CVE-2019-20445 CVE-2020-7238 CVE-2020-11612 Debian Bug : 950966 9509...
Important: Red Hat Security Advisory: Red Hat Process Automation Manager 7.8.0 Security Update
An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
Important: Red Hat Security Advisory: Red Hat Decision Manager 7.8.0 Security Update
An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...
Important: Red Hat Security Advisory: Red Hat Fuse 7.7.0 release and security update
A minor version update from 7.6 to 7.7 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...
Security Bulletin: Vulnerabilities in Netty affect IBM Netcool Agile Service Manager (CVE-2020-7238)
Summary Vulnerabilities in Netty used by IBM Netcool Agile Service Manager have been identified. Netcool Agile Service Manager has addressed the CVE. Vulnerability Details CVEID: CVE-2020-7238 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by a flaw when handling...
Important: Red Hat Security Advisory: EAP Continuous Delivery Technical Preview Release 19 security update
This is a security update for JBoss EAP Continuous Delivery 19. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Important: Red Hat Security Advisory: Red Hat Data Grid 7.3.6 security update
An update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Security Bulletin: A vulnerability in netty affects IBM Spectrum Scale Transparent Cloud Tiering(CVE-2020-7238)
Summary Netty is used by IBM Spectrum Scale Transparent Cloud Tiering. IBM Spectrum Scale Transparent Cloud Tiering has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2020-7238 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by a flaw when handling...
Security Bulletin: A vulnerability have been identified in Netty shipped with IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library (CVE-2020-7238)
Summary Netty is a dependency component shipped with the IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library for Message Bus Integration. Information about the security vulnerability affecting Netty has been published. CVE-2020-7238 Vulnerability Details CVEID: CVE-2020-7238...
Important: Red Hat Security Advisory: Red Hat AMQ Broker 7.4.3 release and security update
Red Hat AMQ Broker 7.4.3 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
Important: Red Hat Security Advisory: Red Hat AMQ Broker 7.6 release and security update
Red Hat AMQ Broker 7.6 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...