14 matches found
Security Bulletin: Due to use of Netty, IBM Operations Analytics - Log Analysis is affected by denial of service, information disclosure, and HTTP request smuggling
Summary: Netty in Apache ZooKeeper and Logstash is used by IBM Operations Analytics - Log Analysis as part of the client/server network transport layer, and network-related plugins for protocol and event transport. CVE-2014-0193, CVE-2014-3488, CVE-2015-2156, CVE-2019-20444, CVE-2024-47535,...
Security Bulletin: Vulnerabilities in Netty affect watsonx.data
Summary: Netty is vulnerable to denial of service attacks and remote attack via restrictions bypass. These can affect watsonx.data. Vulnerability Details: CVEID: CVE-2015-2156. DESCRIPTION: Netty could allow a remote attacker to bypass restrictions, caused by the improper validation of characters in ...
com.barchart.http:barchart-http-handlers (>=1.0.6 <=1.0.7), com.barchart.http:barchart-http-server (>=1.0.6 <=1.0.7) +14 more potentially affected by CVE-2014-0193 via io.netty:netty (>=4.0.0.Alpha1 <=4.0.0.Alpha8)
io.netty:netty MAVEN version =4.0.0.Alpha1, =1.0.6, =1.0.6, =0.3, =0.3, =0.2, =1.3.0, =1.0.0.Alpha1, =1.0.0.Alpha2 and more Source cves: CVE-2014-0193 Source advisory: OSV:GHSA-7VPQ-G998-QPV7...
br.com.ingenieux:jbake-maven-plugin (>=0.0.3 <=0.0.9), com.alibaba.ons:ons-client (=1.0.0) +282 more potentially affected by CVE-2014-0193 via io.netty:netty-all (>=4.0.0.Beta1 <=4.0.18.Final)
io.netty:netty-all MAVEN version =4.0.0.Beta1, =0.0.3, =3.0.9, =3.0.9, =3.0.9, =3.0.9, =3.0.9, =3.0.9, =3.0.9, =3.0.9, =3.0.9, =3.0.9, =1.1.1, =1.1.1, =1.1.6 - com.basho.riak:riak-client =2.0.2 and more Source cves: CVE-2014-0193 Source advisory: OSV:GHSA-7VPQ-G998-QPV7...
[SECURITY] [DLA 2110-1] netty-3.9 security update
Package: netty-3.9; Version: 3.9.0.Final-1+deb8u1; CVE ID: CVE-2014-0193, CVE-2014-3488, CVE-2019-16869, CVE-2019-20444, CVE-2019-20445, CVE-2020-7238; Debian Bug: 746639, 941266, 950966, 950967. Several vulnerabilities were discovered in Netty, a Java NIO client/server socket framework: CVE-2014-0193...
Important: Red Hat Security Advisory: Red Hat JBoss Data Virtualization 6.0.0 security update
Red Hat JBoss Data Virtualization 6.0.0 2015 roll up patch 1, which fixes multiple security issues and various bugs, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base...
Important: Red Hat Security Advisory: Red Hat JBoss Data Virtualization 6.1.0 update
Red Hat JBoss Data Virtualization 6.1.0, which fixes multiple security issues and various bugs, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give...
RHEL 6 : Red Hat JBoss Enterprise Application Platform 6.3.0 update (Important) (RHSA-2014:1020)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:1020 advisory. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. A race condition...
RHEL 5 : Red Hat JBoss Enterprise Application Platform 6.3.0 update (Important) (RHSA-2014:1019)
The remote Red Hat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:1019 advisory. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. A race condition...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.3.0 update
Updated Red Hat JBoss Enterprise Application Platform 6.3.0 packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common...
Important: Red Hat Security Advisory: Red Hat JBoss BRMS 6.0.2 update
Red Hat JBoss BRMS 6.0.2, which fixes multiple security issues, various bugs, and adds enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base score...
CVE-2014-0193
WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory consumption) via a TextWebSocketFrame followed by a long stream of ContinuationWebSocketFrames...
CVE-2014-0193
CVE-2014-0193 is a Netty WebSocket DoS vulnerability. The WebSocket08FrameDecoder in Netty versions 3.6.x (before 3.6.9), 3.7.x (before 3.7.1), 3.8.x (before 3.8.2), 3.9.x (before 3.9.1), and 4.0.x (before 4.0.19) can be triggered by sending a TextWebSocketFrame followed by a long stream of Conti...
CVE-2014-0193
WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory consumption) via a TextWebSocketFrame followed by a long stream of ContinuationWebSocketFrames...